CVE-2024-0553

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-203
View all →

Vulnerability Description

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Related Vulnerabilities

CVE-2016-6489

HIGH
CVSS:7.5(High)

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

CWE-2032016

CVE-2017-9735

HIGH
CVSS:7.5(High)

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect pa...

CWE-2032017

CVE-2018-9364

HIGH
CVSS:7.5(High)

In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation.

CWE-2032018

CVE-2019-10114

HIGH
CVSS:7.5(High)

An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication pr...

CWE-2032019

CVE-2019-18850

HIGH
CVSS:7.5(High)

TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and int...

CWE-2032019