Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2024-0553

UNKNOWN

Published 2024-01-16T11:40:50.677Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-0553. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

7.5

/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.004

probability

of exploitation in the wild

There is a 0.4% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.724

Higher than 72.4% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Description

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Unknown Vendor

Unknown Product

Affected Versions:

3.8.0

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:3.6.16-8.el8_9.1

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:3.6.16-8.el8_9.1

Red Hat

Red Hat Enterprise Linux 8.6 Extended Update Support

Affected Versions:

0:3.6.16-5.el8_6.3

Red Hat

Red Hat Enterprise Linux 8.8 Extended Update Support

Affected Versions:

0:3.6.16-7.el8_8.2

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:3.7.6-23.el9_3.3

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:3.7.6-23.el9_3.3

Red Hat

Red Hat Enterprise Linux 9.2 Extended Update Support

Affected Versions:

0:3.7.6-21.el9_2.2

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-37

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-68

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-158

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-39

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-58

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-158

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-13

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-81

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-158

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-79

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-22

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-57

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-6

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-158

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-15

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-15

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-54

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-158

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-10

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-26

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-158

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-19

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-158

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-158

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-21

Red Hat

RHODF-4.15-RHEL-9

Affected Versions:

v4.15.0-103

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v5.8.6-22

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v5.8.6-11

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v6.8.1-407

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v5.8.6-19

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v1.0.0-479

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v5.8.6-7

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v0.4.0-247

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v5.8.6-5

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v1.1.0-227

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v5.8.1-470

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v2.9.6-14

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v5.8.6-2

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v5.8.6-24

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v5.8.6-10

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v0.1.0-525

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v0.1.0-224

Red Hat

RHOL-5.8-RHEL-9

Affected Versions:

v0.28.1-56

Red Hat

Red Hat Enterprise Linux 6

Red Hat

Red Hat Enterprise Linux 7

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-x697-v25m-6phv

Advisory Details

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-0553

WEB https://access.redhat.com/errata/RHSA-2024:0533

WEB https://access.redhat.com/errata/RHSA-2024:0627

WEB https://access.redhat.com/errata/RHSA-2024:0796

WEB https://access.redhat.com/errata/RHSA-2024:1082

WEB https://access.redhat.com/errata/RHSA-2024:1108

WEB https://access.redhat.com/errata/RHSA-2024:1383

WEB https://access.redhat.com/errata/RHSA-2024:2094

WEB https://access.redhat.com/security/cve/CVE-2024-0553

WEB https://bugzilla.redhat.com/show_bug.cgi?id=2258412

WEB https://gitlab.com/gnutls/gnutls/-/issues/1522

WEB https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2

WEB https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html

WEB https://security.netapp.com/advisory/ntap-20240202-0011

WEB http://www.openwall.com/lists/oss-security/2024/01/19/3

Advisory provided by GitHub Security Advisory Database. Published: January 16, 2024, Modified: July 8, 2024

References

https://access.redhat.com/errata/RHSA-2024:0533

https://access.redhat.com/errata/RHSA-2024:0627

https://access.redhat.com/errata/RHSA-2024:0796

https://access.redhat.com/errata/RHSA-2024:1082

https://access.redhat.com/errata/RHSA-2024:1108

https://access.redhat.com/errata/RHSA-2024:1383

https://access.redhat.com/errata/RHSA-2024:2094

https://access.redhat.com/security/cve/CVE-2024-0553

https://bugzilla.redhat.com/show_bug.cgi?id=2258412

https://gitlab.com/gnutls/gnutls/-/issues/1522

https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html

Published: 2024-01-16T11:40:50.677Z

Last Modified: 2024-11-23T00:10:16.608Z

Copied to clipboard!