ALAS2-2018-1120 --- gnutls | ID: oval:org.secpod.oval:def:1700096 | Date: (C)2018-12-10 (M)2023-12-20 |
Class: PATCH | Family: unix |
It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.

It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.

A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of "Just in Time" Prime+probe and Lucky-13 attacks to recover plain text in a cross-VM attack scenario.