Donate Telegram

CVE-2024-0553

HIGH CVSS 3.1: 7.5 EPSS 1.03%

Jan 16, 2024

Updated Mar 24, 2026

Fedoraproject

Parameter	Value
CVSS	7.5 (HIGH)
Affected Versions	before 3.8.3
Fixed In	3.8.3
Type	CWE-203
Vendor	Fedoraproject
Public PoC	No

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 4

Configuration	From (including)	Up to (excluding)
Gnu Gnutls cpe:2.3:a:gnu:gnutls::::::::	—	`3.8.3`
Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:39:::::::*	—	—
Redhat Enterprise_Linux cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*	—	—
Redhat Enterprise_Linux cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*	—	—

References 16

https://access.redhat.com/errata/RHSA-2024:0533

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0627

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0796

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1082

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1108

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1383

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2094

secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2024-0553

secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2258412

secalert@redhat.com

https://gitlab.com/gnutls/gnutls/-/issues/1522

secalert@redhat.com

https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html

secalert@redhat.com

http://www.openwall.com/lists/oss-security/2024/01/19/3

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html

af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…

af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…

af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20240202-0011/

af854a3a-2127-422b-91ae-364da2661108

Share Post Share Share Share

Related Vulnerabilities

CVE-2024-4761

Fedoraproject

CVE-2023-6816

Debian

CVE-2023-5455

Fedoraproject

CVE-2023-6270

Fedoraproject

CVE-2023-5981

Debian

CVE Details

CVE ID

CVE-2024-0553

Published Date

Jan 16, 2024

Vendor

Fedoraproject

Severity

HIGH

CVSS v3.1 Score

7.5

High severity. Prioritize patching.

Attack Analysis

Exploitability 3.9/10

How easy to exploit

Impact 3.6/10

Severity of consequences

Exploit Prediction (EPSS)

Probability of Exploit 1.03%

Likelihood of exploitation in next 30 days

Percentile: 77.2th percentile (higher than 77.2% of all CVEs)

Standard patching cycle

Impact

Full data disclosure

Source

Editor's Choice