Explore top 10 tips to secure your open-source projects now. Read More
×
It was found that the GnuTLS implementation of HMAC-SHA-256 was
vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and
plaintext-recovery attacks via statistical analysis of timing data
using crafted packets.
CVE-2018-10845
It was found that the GnuTLS implementation of HMAC-SHA-384 was
vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain
text recovery attacks via statistical analysis of timing data
using crafted packets.
CVE-2018-10846
A cache-based side channel in GnuTLS implementation that leads to
plain text recovery in cross-VM attack setting was found. An
attacker could use a combination of "Just in Time" Prime+probe
attack in combination with Lucky-13 attack to recover plain text
using crafted packets.
For Debian 8 "Jessie", these problems have been fixed in version
Get the latest Linux and open source security news straight to your inbox.