ALAS2023-2024-591 --- gnutlsID: oval:org.secpod.oval:def:19500688 | Date: (C)2024-05-22 (M)2024-06-10 |
Class: PATCH | Family: unix |
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command
Platform: |
Amazon Linux 2023 |