Cache-based Side Channel Vulnerability in GnuTLS
CVE-2018-10846

5.3MEDIUM

Key Information:

Vendor

[unknown]

Status
Gnutls
Vendor
CVE Published:
22 August 2018

What is CVE-2018-10846?

A cache-based side channel vulnerability exists in GnuTLS, allowing attackers to exploit a combination of 'Just in Time' Prime+probe attacks and the Lucky-13 attack. This vulnerability could enable the recovery of plaintext data from encrypted communications in a cross-VM execution context through specially crafted packets, posing significant security risks to systems using GnuTLS.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

gnutls

References

https://eprint.iacr.org/2018/747
x_refsource_MISC
https://gitlab.com/gnutls/gnutls/merge_requests/657
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3505
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.