A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
Exposure of Sensitive Information to an Unauthorized Actor
Exposure of Sensitive Information to an Unauthorized Actor
-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/gnutls28 | deb | debian | 12 | >=3.7.9-2+deb12u2 | Not yet available |
| debian/gnutls28 | deb | debian | 13 | <3.8.4-2 | 3.8.4-2 |
| debian/gnutls28 | deb | debian | 11 | >=3.7.1-5+deb11u4 | Not yet available |
| debian/gnutls28 | deb | debian | unstable | <3.8.4-2 | 3.8.4-2 |
Severity and metrics
No CVSS data available from this source.
1.6
-
-
-
-
-
-
1.6
-
-
-
-
-
-
-