CVE-2024-28834

ADVISORY - nist

Summary

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

EPSS Score⁠: 0.01138 (0.775)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-327⁠

Use of a Broken or Risky Cryptographic Algorithm

ADVISORY - redhat

CWE-327⁠

Use of a Broken or Risky Cryptographic Algorithm

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.