CVE-2018-10844

Medium

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use…

redhat·CWE-385·Published 2018-08-22

CVSS

5.9

EPSS

0.04

KEV

Exploits

cve.orgen

273 chars

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

NVDen

273 chars

NVDes

314 chars

Se ha detectado que la implementación GnuTLS de HMAC-SHA-256 era vulnerable a un ataque de estilo Lucky Thirteen. Los atacantes remotos podrían utilizar este fallo para realizar ataques de distinción y de recuperación en texto plano mediante análisis estadísticos de datos temporales mediante paquetes manipulados.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
3.0	Primary	cve.org	5.9	—	—	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N