CVE-2018-10846

MEDIUM
Description

A cache-based side channel was found in the GnuTLS implementation that leads to plaintext recovery in a cross-VM attack setting. An attacker could combine a "Just in Time" Prime+Probe attack with a Lucky-13 attack to recover plaintext using crafted packets.

References

http://www.securityfocus.com/bid/105138

https://access.redhat.com/errata/RHSA-2018:3050

https://access.redhat.com/errata/RHSA-2018:3505

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846

https://eprint.iacr.org/2018/747

https://gitlab.com/gnutls/gnutls/merge_requests/657

https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/

https://usn.ubuntu.com/3999-1/

Details

Source: MITRE

Published: 2018-08-22

Updated: 2020-10-22

Type: CWE-327

Risk Information

CVSS v2

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

CVSS v3

Base Score: 5.6

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Impact Score: 4

Exploitability Score: 1.1

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 136416 | Fedora 31 : mingw-gnutls (2020-d14280a6e8) | Nessus | Fedora Local Security Checks | high |
| 129209 | EulerOS 2.0 SP3 : gnutls (EulerOS-SA-2019-2016) | Nessus | Huawei Local Security Checks | medium |
| 127268 | NewStart CGSL CORE 5.04 / MAIN 5.04 : gnutls Multiple Vulnerabilities (NS-SA-2019-0068) | Nessus | NewStart CGSL Local Security Checks | medium |
| 126870 | EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2019-1743) | Nessus | Huawei Local Security Checks | medium |
| 126535 | EulerOS Virtualization for ARM 64 3.0.2.0 : gnutls (EulerOS-SA-2019-1693) | Nessus | Huawei Local Security Checks | medium |
| 126418 | EulerOS 2.0 SP5 : gnutls (EulerOS-SA-2019-1676) | Nessus | Huawei Local Security Checks | medium |
| 125622 | Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : GnuTLS vulnerabilities (USN-3999-1) | Nessus | Ubuntu Local Security Checks | medium |
| 123319 | openSUSE Security Update : gnutls (openSUSE-2019-746) | Nessus | SuSE Local Security Checks | medium |
| 120112 | SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2018:2930-1) | Nessus | SuSE Local Security Checks | medium |
| 119690 | CentOS 7 : gnutls (CESA-2018:3050) | Nessus | CentOS Local Security Checks | medium |
| 119503 | Amazon Linux 2 : gnutls (ALAS-2018-1120) | Nessus | Amazon Linux Local Security Checks | medium |
| 119184 | Scientific Linux Security Update : gnutls on SL7.x x86_64 (20181030) | Nessus | Scientific Linux Local Security Checks | medium |
| 118764 | Oracle Linux 7 : gnutls (ELSA-2018-3050) | Nessus | Oracle Linux Local Security Checks | medium |
| 118516 | RHEL 7 : gnutls (RHSA-2018:3050) | Nessus | Red Hat Local Security Checks | medium |
| 118504 | Debian DLA-1560-1 : gnutls28 security update | Nessus | Debian Local Security Checks | medium |
| 118292 | SUSE SLES12 Security Update : gnutls (SUSE-SU-2018:2825-2) | Nessus | SuSE Local Security Checks | high |
| 117897 | openSUSE Security Update : gnutls (openSUSE-2018-1092) | Nessus | SuSE Local Security Checks | high |
| 117792 | openSUSE Security Update : gnutls (openSUSE-2018-1049) | Nessus | SuSE Local Security Checks | high |
| 117702 | SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2018:2842-1) | Nessus | SuSE Local Security Checks | high |
| 117696 | SUSE SLES12 Security Update : gnutls (SUSE-SU-2018:2825-1) | Nessus | SuSE Local Security Checks | high |