CVE-2024-0553

GnuTLS: incomplete fix for CVE-2023-5981

Published: 1/16/2024 Last updated: 6/17/2025 Reserved: 1/15/2024

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 7.5 | High | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |

Opam packages affected (5)

conf-gnutls, conf-mingw-w64-gnutls-i686, conf-mingw-w64-gnutls-x86_64, conf-srt, conf-srt-gnutls

Products affected (52)

| Product | Vendor | Version |
|---|---|---|
| Red Hat Enterprise Linux 7 | Red Hat | 11.4.0 |
| Red Hat Enterprise Linux 8 | Red Hat | 6.2(13) |
| Red Hat Enterprise Linux 8 | Red Hat | < R148-V7 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | Red Hat | n/a |
| Red Hat Enterprise Linux 8.8 Extended Update Support | Red Hat | < unspecified |
| Red Hat Enterprise Linux 9 | Red Hat | 7.3(4)N1(1a) |
| Red Hat Enterprise Linux 9 | Red Hat | 6.0(2)A6(3) |
| Red Hat Enterprise Linux 9.2 Extended Update Support | Red Hat | 7.0(3)F3(3c) |
| | | <= 3.1.2 |
| RHODF-4.15-RHEL-9 | Red Hat | < R148-V7 |
| RHODF-4.15-RHEL-9 | Red Hat | 6.0(2)U6(5) |
| RHODF-4.15-RHEL-9 | Red Hat | b110391d1e806167254d3c7ae5d637191d913175 |
| RHODF-4.15-RHEL-9 | Red Hat | 7.0(3)F3(5) |
| RHODF-4.15-RHEL-9 | Red Hat | n/a |
| RHODF-4.15-RHEL-9 | Red Hat | < 10.0.20348.3091 |
| RHODF-4.15-RHEL-9 | Red Hat | <= 2.4.49 |
| RHODF-4.15-RHEL-9 | Red Hat | <= 5.14.* |
| RHODF-4.15-RHEL-9 | Red Hat | n/a |
| RHODF-4.15-RHEL-9 | Red Hat | <= * |
| RHODF-4.15-RHEL-9 | Red Hat | n/a |
| RHODF-4.15-RHEL-9 | Red Hat | <= 8.98.7 |
| RHODF-4.15-RHEL-9 | Red Hat | 1.0.9.92_1 |
| RHODF-4.15-RHEL-9 | Red Hat | < 019ca2804f3fb49a7f8e56ea6aeaa1ff32724c27 |
| RHODF-4.15-RHEL-9 | Red Hat | < fe8421e853ef289e1324fcda004751c89dd9c18a |
| RHODF-4.15-RHEL-9 | Red Hat | < 87389bff743c55b6b85282de91109391f43e0814 |
| RHODF-4.15-RHEL-9 | Red Hat | < 3e6429e3707943078240a2c0c0b3ee99ea9b0d9c |
| RHODF-4.15-RHEL-9 | Red Hat | < 10.0.26100.2894 |
| RHODF-4.15-RHEL-9 | Red Hat | 7.1(1)N1(1a) |
| RHODF-4.15-RHEL-9 | Red Hat | <= 5.15.* |
| RHODF-4.15-RHEL-9 | Red Hat | 6.0(2)U6(2) |
| RHODF-4.15-RHEL-9 | Red Hat | 7.1(3)N1(2a) |
| RHODF-4.15-RHEL-9 | Red Hat | < 10.0.25398.1369 |
| RHODF-4.15-RHEL-9 | Red Hat | 6.2(25) |
| RHODF-4.15-RHEL-9 | Red Hat | See references |
| RHODF-4.15-RHEL-9 | Red Hat | See references |
| RHOL-5.8-RHEL-9 | Red Hat | <= 1.0 |
| RHOL-5.8-RHEL-9 | Red Hat | All versions |
| RHOL-5.8-RHEL-9 | Red Hat | 6.2(19) |
| RHOL-5.8-RHEL-9 | Red Hat | 7.1(0)N1(1b) |
| RHOL-5.8-RHEL-9 | Red Hat | 1.2.0.8(8155) |
| RHOL-5.8-RHEL-9 | Red Hat | < 2025.4 |
| RHOL-5.8-RHEL-9 | Red Hat | < 10.0.14393.7699 |
| RHOL-5.8-RHEL-9 | Red Hat | < 10.0.14393.7699 |
| RHOL-5.8-RHEL-9 | Red Hat | < 6.0.6003.23070 |
| RHOL-5.8-RHEL-9 | Red Hat | < 2.1.4 |
| RHOL-5.8-RHEL-9 | Red Hat | < 0.0.1 |
| RHOL-5.8-RHEL-9 | Red Hat | >= 2.4.0, < 2.4.2 |
| RHOL-5.8-RHEL-9 | Red Hat | 6.0(2)A8(3) |
| RHOL-5.8-RHEL-9 | Red Hat | < 6.1.7601.27520 |
| RHOL-5.8-RHEL-9 | Red Hat | < 15.0.2110.4 |
| RHOL-5.8-RHEL-9 | Red Hat | n/a |
| RHOL-5.8-RHEL-9 | Red Hat | 7.0(3)F3(3a) |

References (27)