Unrated severityNVD Advisory· Published Aug 22, 2018· Updated Aug 5, 2024

CVE-2018-10845

Description

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.

Affected products

osv-coords14 versions
pkg:rpm/suse/gnutls&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/gnutls&distro=SUSE%20OpenStack%20Cloud%207
< 3.2.15-18.6.1+ 13 more
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.3.27-3.3.1
- (no CPE)range: < 3.6.2-6.3.1
- (no CPE)range: < 3.6.2-6.3.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.3.27-3.3.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.3.27-3.3.1
- (no CPE)range: < 3.3.27-3.3.1
- (no CPE)range: < 3.2.15-18.6.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2018:3050mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2018:3505mitrevendor-advisoryx_refsource_REDHAT
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/mitrevendor-advisoryx_refsource_FEDORA
usn.ubuntu.com/3999-1/mitrevendor-advisoryx_refsource_UBUNTU
www.securityfocus.com/bid/105138mitrevdb-entryx_refsource_BID
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
eprint.iacr.org/2018/747mitrex_refsource_MISC
gitlab.com/gnutls/gnutls/merge_requests/657mitrex_refsource_CONFIRM
lists.debian.org/debian-lts-announce/2018/10/msg00022.htmlmitremailing-listx_refsource_MLIST

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000