Description
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
References (15)
Scores
CVSS v3
5.3
EPSS
0.0212
EPSS Percentile
84.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-327
Status
published
Products (9)
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
0:3.6.16-8.el8_9.3
Red Hat/Red Hat Enterprise Linux 8.6 Extended Update Support
0:3.6.16-5.el8_6.4
Red Hat/Red Hat Enterprise Linux 8.8 Extended Update Support
0:3.6.16-7.el8_8.3
Red Hat/Red Hat Enterprise Linux 9
0:3.7.6-23.el9_3.4
Red Hat/Red Hat Enterprise Linux 9
0:3.8.3-4.el9_4
Red Hat/Red Hat Enterprise Linux 9.2 Extended Update Support
0:3.7.6-21.el9_2.3
Published
Mar 21, 2024
Tracked Since
Feb 18, 2026