← Back

CVE-2018-10846

nvd nist
Published: Aug 22, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.6
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Exploitability: 1.1 / Impact: 4.0
Source: NVD

Description

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

Affected (11)

Show all products
Gnu: Gnutls · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · Canonical: Ubuntu Linux · Fedoraproject: Fedora · Debian: Debian Linux
Gnu
1 product
Gnutls
Redhat
3 products
Enterprise Linux Desktop
Enterprise Linux Server
Enterprise Linux Workstation
Canonical
1 product
Ubuntu Linux
Fedoraproject
1 product
Fedora
Debian
1 product
Debian Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Gnutls
Before 3.6.12
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux Desktop
Version 7.0
Enterprise Linux Server
Version 7.0
Enterprise Linux Workstation
Version 7.0
Configuration C
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 18.04
Ubuntu Linux
Version 18.10
Ubuntu Linux
Version 19.04
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 31
Fedora
Version 32
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 8.0

Related CWEs

CWE-327
Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.
CWE-385
Covert Timing Channel
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

References (20)

Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.