CVE-2024-28834

MEDIUM5.3EPSS 2.1%

gnutls28 - security update

Published: 3/21/2024Modified: 4/28/2026

Description

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

Affected packages (3)

Alpine/gnutlsfrom 0, < 3.8.4-r0
Debian/gnutls28from 0, < 3.7.1-5+deb11u6
Debian/gnutls28from 0, < 3.7.1-5+deb11u6

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2024-28834
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2024-28834