CVERadar

CVE-2024-0553

Severity: High
Vendor: Gnu
SVRS: 68/100
CVSSv3: 7.5/10
EPSS: 0.00759/1

CVE-2024-0553 affects GnuTLS and exposes it to a timing side-channel attack. The flaw arises from differences in response time when processing malformed ciphertexts in the RSA-PSK ClientKeyExchange. An attacker could exploit this to potentially extract sensitive information.

While CVE-2024-0553 has a CVSS score of 7.5, its SOCRadar Vulnerability Risk Score (SVRS) is 68, indicating a moderate level of risk. Because the issue is an incomplete fix for CVE-2023-5981, systems remain partially exposed. Exploitation could lead to data leakage, compromising confidentiality. The timing vulnerability leaves systems susceptible to remote attackers. Organizations using GnuTLS should apply relevant patches and monitor for suspicious activity to mitigate potential security risks.

No tags available
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2024-01-16

2024-09-16

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-0553 | GnuTLS up to 3.8.2 RSA-PSK ClientKeyExchange information exposure (RHSA-2024:0533)
vuldb.com | 2024-06-27
A vulnerability, which was classified as problematic, was found in GnuTLS up to 3.8.2. Affected is an unknown function of the component RSA-PSK ClientKeyExchange Handler. The manipulation leads to information exposure through discrepancy. This vulnerability is traded as CVE-2024-0553. It is possible to launch the attack

Social Media

No tweets found for this CVE

Affected Software

Configuration 1
Type | Vendor | Product
App | Gnu | gnutls

Configuration 2
Type | Vendor | Product
OS | Fedoraproject | fedora

Configuration 3
Type | Vendor | Product
OS | Redhat | enterprise_linux

References

https://access.redhat.com/security/cve/CVE-2024-0553
https://bugzilla.redhat.com/show_bug.cgi?id=2258412
https://gitlab.com/gnutls/gnutls/-/issues/1522
https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
http://www.openwall.com/lists/oss-security/2024/01/19/3
https://access.redhat.com/errata/RHSA-2024:0533
https://lists.fedoraproject.org/archives/list/[email protected]/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
https://access.redhat.com/errata/RHSA-2024:0627
https://security.netapp.com/advisory/ntap-20240202-0011/
https://lists.fedoraproject.org/archives/list/[email protected]/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
https://access.redhat.com/errata/RHSA-2024:0796
https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html
https://access.redhat.com/errata/RHSA-2024:1082
https://access.redhat.com/errata/RHSA-2024:1108
https://access.redhat.com/errata/RHSA-2024:1383
https://access.redhat.com/errata/RHSA-2024:2094

CWE Details

CWE ID | CWE Name | Description
CWE-203 | Observable Discrepancy | The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
