Vulnerability in GnuTLS HMAC-SHA-256 Implementation
CVE-2018-10844

5.9MEDIUM

Key Information:

Vendor

[unknown]

Status
Gnutls
Vendor
CVE Published:
22 August 2018

What is CVE-2018-10844?

The GnuTLS library's implementation of HMAC-SHA-256 contains a vulnerability that may allow attackers to perform Lucky Thirteen style attacks. By leveraging statistical analyses of timing data, attackers can conduct distinguishing attacks and potentially recover plaintext from the intercepted data. This vulnerability underscores the need for timely updates and enhanced security practices to mitigate risks associated with cryptographic implementation flaws.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

gnutls

References

https://eprint.iacr.org/2018/747
x_refsource_MISC
https://gitlab.com/gnutls/gnutls/merge_requests/657
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3505
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.