vulnerability
SUSE: CVE-2024-0553: SUSE Linux Security Advisory
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Jan 16, 2024 | Feb 28, 2024 | Jan 28, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Jan 16, 2024
Added
Feb 28, 2024
Modified
Jan 28, 2025
Description
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
Solution(s)
suse-upgrade-gnutlssuse-upgrade-gnutls-guilesuse-upgrade-libgnutls-develsuse-upgrade-libgnutls-devel-32bitsuse-upgrade-libgnutls30suse-upgrade-libgnutls30-32bitsuse-upgrade-libgnutls30-hmacsuse-upgrade-libgnutls30-hmac-32bitsuse-upgrade-libgnutlsxx-develsuse-upgrade-libgnutlsxx28suse-upgrade-libgnutlsxx30

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.