cpe:/a:gnu:gnutls:- cpe:/a:redhat:ansible_tower:3.3 cpe:/o:debian:debian_linux:8.0 cpe:/o:redhat:enterprise_linux_desktop:7.0 cpe:/o:redhat:enterprise_linux_server:7.0 cpe:/o:redhat:enterprise_linux_workstation:7.0 CVE-2018-10844 2018-08-22T09:29:00.317-04:00 2019-10-02T20:03:26.223-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov BID 105138 REDHAT RHSA-2018:3050 REDHAT RHSA-2018:3505 UBUNTU USN-3999-1 MLIST [debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844 MISC https://eprint.iacr.org/2018/747 CONFIRM https://gitlab.com/gnutls/gnutls/merge_requests/657 It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.