CVE-2024-0553

HIGHScheduled

Published:Jan 16, 2024(2 years ago)

Modified:Mar 24, 2026

Remote ExploitNo Auth RequiredNo InteractionLow Complexity

Vulnerability Description

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Attack Characteristics

Network AccessLow ComplexityNo Auth NeededNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
gnu	gnutls	3.8.3	-
fedoraproject	fedora	-	-
redhat	enterprise_linux	-

Timeline

Published
CVE disclosed publicly
Jan 16, 20242 years ago
Last Modified
Most recent update
Mar 24, 20261 month ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

https://access.redhat.com/errata/RHSA-2024:0533
https://access.redhat.com/errata/RHSA-2024:0627
https://access.redhat.com/errata/RHSA-2024:0796
https://access.redhat.com/errata/RHSA-2024:1082

CVSS Score

v3.1

7.5/ 10.0

HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

At a Glance

Affected Products

References

gnu / gnutls

https://access.redhat.com/errata/RHSA-2024:1108

https://access.redhat.com/errata/RHSA-2024:1383

https://access.redhat.com/errata/RHSA-2024:2094

https://access.redhat.com/security/cve/CVE-2024-0553Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2258412Issue Tracking

https://gitlab.com/gnutls/gnutls/-/issues/1522Exploit

https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.htmlMailing List

http://www.openwall.com/lists/oss-security/2024/01/19/3

https://access.redhat.com/errata/RHSA-2024:0533

https://access.redhat.com/errata/RHSA-2024:0627

https://access.redhat.com/errata/RHSA-2024:0796

https://access.redhat.com/errata/RHSA-2024:1082

https://access.redhat.com/errata/RHSA-2024:1108

https://access.redhat.com/errata/RHSA-2024:1383

https://access.redhat.com/errata/RHSA-2024:2094

https://access.redhat.com/security/cve/CVE-2024-0553Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2258412Issue Tracking

https://gitlab.com/gnutls/gnutls/-/issues/1522Exploit

https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.f...

https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.htmlMailing List

https://security.netapp.com/advisory/ntap-20240202-0011/

CVSS v3 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Impact

ScopeUnchanged

ConfidentialityHigh

IntegrityNone

AvailabilityNone

Impact Analysis

ConfidentialityHigh

NoneLowHigh

IntegrityNone

NoneLowHigh

AvailabilityNone

NoneLowHigh

CVE-2024-0553

✦ Vulnerability Description

Attack Characteristics

Affected Software

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

Vulnerability Description