Movatterモバイル変換

[0]ホーム
URL:

You are viewing this page in an unauthorized frame window.

This is a potential security issue, you are being redirected tohttps://nvd.nist.gov

U.S. flag  An official website of the United States government
Dot gov

Official websites use .gov
A.gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
Alock (Dot gov) orhttps:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

  • VulnerabilitiesExpand or Collapse
  • Vulnerability MetricsExpand or Collapse
  • ProductsExpand or Collapse

    CPE Dictionary

    CPE Search

    CPE Statistics

    SWID

  • DevelopersExpand or Collapse

    Start Here

    Request an API Key

    Vulnerabilities

    Products

    Data Sources

    Terms of Use

  • Contact NVD
  • Other SitesExpand or Collapse

    Checklist (NCP) Repository

    Configurations (CCE)

    800-53 Controls

    SCAPValidated Tools

    SCAP

    USGCB

  • SearchExpand or Collapse

    Vulnerability Search

    CPE Search

    • Information Technology Laboratory

    National Vulnerability Database

    National Vulnerability Database

    NVD

    National Vulnerability Database
    1. Vulnerabilities
    AddedReferenceAddedReferenceAddedReferenceAddedReferenceAddedReferenceAddedReferenceAddedReferenceAddedReferenceAddedReferenceAddedReferenceAddedReferenceAddedReferenceAddedReferenceAddedReferenceAddedReferenceAddedReference

    CVE-2024-0553 Detail

    Modified

    This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.

    Current Description

    A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.


    View Analysis Description

    Analysis Description

    A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

    Metrics

    NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
    CVSS 4.0 Severity and Vector Strings:

    NIST CVSS score
    NIST: NVD
    NVD assessment not yet provided.
    CVSS 3.x Severity and Vector Strings:

    NIST CVSS score matches with CNA score
    CNA: Red Hat, Inc.
    BaseScore: 7.5 HIGH
    Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    CVSS 2.0 Severity and Vector Strings:

    National Institute of Standards and Technology
    NIST: NVD
    BaseScore: N/A
    NVD assessmentnot yet provided.

    References to Advisories, Solutions, and Tools

    By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to[email protected].

    URLSource(s)Tag(s)
    http://www.openwall.com/lists/oss-security/2024/01/19/3CVE
    https://access.redhat.com/errata/RHSA-2024:0533CVE, Inc., Red Hat
    https://access.redhat.com/errata/RHSA-2024:0627CVE, Inc., Red Hat
    https://access.redhat.com/errata/RHSA-2024:0796CVE, Inc., Red Hat
    https://access.redhat.com/errata/RHSA-2024:1082CVE, Inc., Red Hat
    https://access.redhat.com/errata/RHSA-2024:1108CVE, Inc., Red Hat
    https://access.redhat.com/errata/RHSA-2024:1383CVE, Inc., Red Hat
    https://access.redhat.com/errata/RHSA-2024:2094CVE, Inc., Red Hat
    https://access.redhat.com/security/cve/CVE-2024-0553CVE, Inc., Red HatThird Party Advisory 
    https://bugzilla.redhat.com/show_bug.cgi?id=2258412CVE, Inc., Red HatIssue Tracking Third Party Advisory 
    https://gitlab.com/gnutls/gnutls/-/issues/1522CVE, Inc., Red HatExploit Issue Tracking Vendor Advisory 
    https://lists.debian.org/debian-lts-announce/2024/02/msg00010.htmlCVE
    https://lists.fedoraproject.org/archives/list/[email protected]/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/CVE
    https://lists.fedoraproject.org/archives/list/[email protected]/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/CVE
    https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.htmlCVE, Inc., Red HatMailing List 
    https://security.netapp.com/advisory/ntap-20240202-0011/CVE

    Weakness Enumeration

    CWE-IDCWE NameSource
    CWE-203Observable Discrepancycwe source acceptance levelNIST  Red Hat, Inc.  

    Known Affected Software ConfigurationsSwitch to CPE 2.2

    CPEs loading, please wait.

    Denotes Vulnerable Software
    Are we missing a CPE here? Please let us know.

    Change History

    18 change records foundshow changes

    CVE Modified by CVE11/21/2024 3:46:51 AM

    ActionTypeOld ValueNew Value
    http://www.openwall.com/lists/oss-security/2024/01/19/3


    https://access.redhat.com/errata/RHSA-2024:0533


    https://access.redhat.com/errata/RHSA-2024:0627


    https://access.redhat.com/errata/RHSA-2024:0796


    https://access.redhat.com/errata/RHSA-2024:1082


    https://access.redhat.com/errata/RHSA-2024:1108


    https://access.redhat.com/errata/RHSA-2024:1383


    https://access.redhat.com/errata/RHSA-2024:2094


    https://access.redhat.com/security/cve/CVE-2024-0553


    https://bugzilla.redhat.com/show_bug.cgi?id=2258412


    https://gitlab.com/gnutls/gnutls/-/issues/1522


    https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html


    https://lists.fedoraproject.org/archives/list/[email protected]/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/


    https://lists.fedoraproject.org/archives/list/[email protected]/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/


    https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html


    https://security.netapp.com/advisory/ntap-20240202-0011/


    CVE Modified by Red Hat, Inc.9/16/2024 9:15:08 AM

    ActionTypeOld ValueNew ValueRemovedReference
    Red Hat, Inc. http://www.openwall.com/lists/oss-security/2024/01/19/3


    RemovedReference
    Red Hat, Inc. https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html


    RemovedReference
    Red Hat, Inc. https://lists.fedoraproject.org/archives/list/[email protected]/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/


    RemovedReference
    Red Hat, Inc. https://lists.fedoraproject.org/archives/list/[email protected]/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/


    RemovedReference
    Red Hat, Inc. https://security.netapp.com/advisory/ntap-20240202-0011/


    CVE Modified by Red Hat, Inc.7/08/2024 2:15:06 PM

    ActionTypeOld ValueNew ValueAddedReference
    Red Hat, Inc. https://access.redhat.com/errata/RHSA-2024:2094 [No types assigned]


    CVE Modified by Red Hat, Inc.6/27/2024 8:15:17 AM

    ActionTypeOld ValueNew ValueAddedReference
    Red Hat, Inc. https://access.redhat.com/errata/RHSA-2024:1383 [No types assigned]


    CVE Modified by Red Hat, Inc.5/14/2024 10:41:14 AM

    ActionTypeOld ValueNew Value

    CVE Modified by Red Hat, Inc.3/25/2024 2:15:08 PM

    ActionTypeOld ValueNew ValueAddedReference
    Red Hat, Inc. https://access.redhat.com/errata/RHSA-2024:1108 [No types assigned]


    CVE Modified by Red Hat, Inc.3/05/2024 6:15:08 AM

    ActionTypeOld ValueNew ValueAddedReference
    Red Hat, Inc. https://access.redhat.com/errata/RHSA-2024:1082 [No types assigned]


    CVE Modified by Red Hat, Inc.2/26/2024 11:27:51 AM

    ActionTypeOld ValueNew ValueAddedReference
    Red Hat, Inc. https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html [No types assigned]


    CVE Modified by Red Hat, Inc.2/13/2024 4:15:47 AM

    ActionTypeOld ValueNew ValueAddedReference
    Red Hat, Inc. https://access.redhat.com/errata/RHSA-2024:0796 [No types assigned]


    CVE Modified by Red Hat, Inc.2/08/2024 10:15:09 PM

    ActionTypeOld ValueNew ValueAddedReference
    Red Hat, Inc. https://lists.fedoraproject.org/archives/list/[email protected]/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/ [No types assigned]


    CVE Modified by Red Hat, Inc.2/02/2024 9:15:54 AM

    ActionTypeOld ValueNew ValueAddedReference
    Red Hat, Inc. https://security.netapp.com/advisory/ntap-20240202-0011/ [No types assigned]


    CVE Modified by Red Hat, Inc.1/31/2024 11:15:45 AM

    ActionTypeOld ValueNew ValueAddedReference
    Red Hat, Inc. https://access.redhat.com/errata/RHSA-2024:0627 [No types assigned]


    CVE Modified by Red Hat, Inc.1/29/2024 12:15:09 PM

    ActionTypeOld ValueNew ValueChangedDescription
    A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.


    A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.


    AddedReference
    Red Hat, Inc. https://access.redhat.com/errata/RHSA-2024:0533 [No types assigned]


    CVE Modified by Red Hat, Inc.1/29/2024 2:15:09 AM

    ActionTypeOld ValueNew ValueAddedReference
    Red Hat, Inc. https://lists.fedoraproject.org/archives/list/[email protected]/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/ [No types assigned]


    CVE Modified by Red Hat, Inc.1/25/2024 1:15:08 PM

    ActionTypeOld ValueNew ValueAddedCVSS V3.1
    Red Hat, Inc. AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N


    RemovedCVSS V3.1
    Red Hat, Inc. AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N


    Initial Analysis by NIST1/24/2024 11:45:57 AM

    ActionTypeOld ValueNew ValueAddedCVSS V3.1
    NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N


    AddedCWE
    NIST CWE-203


    AddedCPE Configuration
    OR     *cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* versions up to (excluding) 3.8.3


    AddedCPE Configuration
    OR     *cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*


    AddedCPE Configuration
    OR     *cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*     *cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*


    ChangedReference Type
    http://www.openwall.com/lists/oss-security/2024/01/19/3 No Types Assigned


    http://www.openwall.com/lists/oss-security/2024/01/19/3 Mailing List, Third Party Advisory


    ChangedReference Type
    https://access.redhat.com/security/cve/CVE-2024-0553 No Types Assigned


    https://access.redhat.com/security/cve/CVE-2024-0553 Third Party Advisory


    ChangedReference Type
    https://bugzilla.redhat.com/show_bug.cgi?id=2258412 No Types Assigned


    https://bugzilla.redhat.com/show_bug.cgi?id=2258412 Issue Tracking, Third Party Advisory


    ChangedReference Type
    https://gitlab.com/gnutls/gnutls/-/issues/1522 No Types Assigned


    https://gitlab.com/gnutls/gnutls/-/issues/1522 Exploit, Issue Tracking, Vendor Advisory


    ChangedReference Type
    https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html No Types Assigned


    https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html Mailing List


    CVE Modified by Red Hat, Inc.1/19/2024 4:15:08 PM

    ActionTypeOld ValueNew ValueAddedReference
    Red Hat, Inc. http://www.openwall.com/lists/oss-security/2024/01/19/3 [No types assigned]


    New CVE Received from Red Hat, Inc.1/16/2024 7:15:45 AM

    ActionTypeOld ValueNew ValueAddedDescription
    A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.


    AddedCVSS V3.1
    Red Hat, Inc. AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N


    AddedCWE
    Red Hat, Inc. CWE-203


    AddedReference
    Red Hat, Inc. https://access.redhat.com/security/cve/CVE-2024-0553 [No types assigned]


    AddedReference
    Red Hat, Inc. https://bugzilla.redhat.com/show_bug.cgi?id=2258412 [No types assigned]


    AddedReference
    Red Hat, Inc. https://gitlab.com/gnutls/gnutls/-/issues/1522 [No types assigned]


    AddedReference
    Red Hat, Inc. https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html [No types assigned]


    Quick Info

    CVE Dictionary Entry:
    CVE-2024-0553
    NVD Published Date:
    01/16/2024
    NVD Last Modified:
    11/21/2024
    Source:
    Red Hat, Inc.
    [8]ページ先頭
    ©2009-2025 Movatter.jp