gnu gnutls CVE-2018-10844 vulnerability in GNU and Other Products
Published on August 22, 2018

product logo product logo product logo product logo product logo
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.


Products Associated with CVE-2018-10844

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-10844 are published in these products:

Gnutls
 
Red Hat Ansible Tower
 
Debian Linux
 
Red Hat Enterprise Linux Desktop
 
Red Hat Enterprise Linux Server
 
Red Hat Enterprise Linux Workstation
 
Canonical Ubuntu Linux
 
Fedora Project Fedora
 

Affected Versions

[UNKNOWN] gnutls Version n/a is affected by CVE-2018-10844

Exploit Probability

EPSS
0.19%
Percentile
41.26%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.