gnu gnutls CVE-2018-10846 vulnerability in GNU and Other Products
Published on August 22, 2018

product logo product logo product logo product logo product logo
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.


Products Associated with CVE-2018-10846

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-10846 are published in these products:

Gnutls
 
Red Hat Ansible Tower
 
Debian Linux
 
Red Hat Enterprise Linux Desktop
 
Red Hat Enterprise Linux Server
 
Red Hat Enterprise Linux Workstation
 
Canonical Ubuntu Linux
 
Fedora Project Fedora
 

Affected Versions

[UNKNOWN] gnutls Version n/a is affected by CVE-2018-10846

Exploit Probability

EPSS
0.01%
Percentile
2.37%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.