VDB

DEBIAN-CVE-2024-0553

DEBIAN-CVE-2024-0553 PUBLISHED CVSS 7.5 HIGH

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Debian:14gnutls280, 0, 0
Debian:13gnutls280, 0, 0
Debian:12gnutls28*, 0, 3.7.9-2
Debian:11gnutls283.7.1-5+deb11u1, 3.7.1-5+deb11u3, 3.7.1-5+deb11u4

Timeline

  • Jan 16, 2024 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›