A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
References
Configurations
No configuration.
History
12 Sep 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jun 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 May 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 May 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Apr 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Apr 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Apr 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Apr 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Apr 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
21 Mar 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-21 14:15
Updated : 2024-09-12 20:15
NVD link : CVE-2024-28834
Mitre link : CVE-2024-28834
CVE.ORG link : CVE-2024-28834
JSON object : View
Products Affected
No product.
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor