Medium severity5.9NVD Advisory· Published Aug 22, 2018· Updated Jun 17, 2026
CVE-2018-10845
CVE-2018-10845
Description
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
15- osv-coords14 versionspkg:rpm/suse/gnutls&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/gnutls&distro=SUSE%20OpenStack%20Cloud%207
< 3.2.15-18.6.1+ 13 more
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.3.27-3.3.1
- (no CPE)range: < 3.6.2-6.3.1
- (no CPE)range: < 3.6.2-6.3.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.3.27-3.3.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.3.27-3.3.1
- (no CPE)range: < 3.3.27-3.3.1
- (no CPE)range: < 3.2.15-18.6.1
Patches
Vulnerability mechanics
References
10- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- gitlab.com/gnutls/gnutls/merge_requests/657nvdPatchThird Party Advisory
- www.securityfocus.com/bid/105138nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2018:3050nvdThird Party Advisory
- eprint.iacr.org/2018/747nvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/10/msg00022.htmlnvdThird Party Advisory
- usn.ubuntu.com/3999-1/nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:3505nvdBroken Link
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/nvd
News mentions
0No linked articles in our index yet.