#VU15709 Cryptographic issues in GnuTLS - CVE-2018-10846


Vulnerability identifier: #VU15709

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-10846

CWE-ID: CWE-310

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
GnuTLS
Universal components / Libraries / Libraries used by multiple products

Vendor: GnuTLS

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a cache-based side channel in GnuTLS implementation that can lead to recovery of data in cross-VM attack setting. A remote attacker with ability to intercept traffic can recover encrypted data using a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

GnuTLS: 3.6.0 - 3.6.2

External links
https://www.securityfocus.com/bid/105138
https://access.redhat.com/errata/RHSA-2018:3050
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846
https://eprint.iacr.org/2018/747
https://gitlab.com/gnutls/gnutls/merge_requests/657
https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC Cyber Recovery
Fedora 31 update for mingw-gnutls
Fedora 32 update for mingw-gnutls
Ubuntu update for GnuTLS
Lucky Thirteen Attack in GnuTLS implementation
Red Hat update for gnutls
OpenSUSE Linux update for gnutls
Fedora EPEL 6 update for gnutls30
OpenSUSE Linux update for gnutls
Fedora EPEL 6 update for gnutls30