CVE-2018-10845 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2018-10845

CVE-2018-10845

August 22, 2018

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.

Related Resources (12)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845

https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html

https://eprint.iacr.org/2018/747

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/

https://gitlab.com/gnutls/gnutls/merge_requests/657

https://security-tracker.debian.org/tracker/CVE-2018-10845

http://www.securityfocus.com/bid/105138

https://access.redhat.com/errata/RHSA-2018:3050

https://access.redhat.com/security/cve/CVE-2018-10845

https://access.redhat.com/errata/RHSA-2018:3505