CVE-2018-10844
Severity
5.9MEDIUM
EPSS
0.2%
top 59.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 22
Latest updateMay 13
Description
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6
Affected Packages7 packages
Also affects: Debian Linux 8.0, Fedora 31, 32, Ubuntu Linux 16.04, 18.04, 18.10, 19.04
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-9779-jfg9-frm3: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack↗2022-05-13
OSV▶
CVE-2018-10844: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack↗2018-08-22
CVEList▶
CVE-2018-10844: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack↗2018-08-22
📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2018-10844 mingw-gnutls: gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls [fedora-all]↗2018-08-21
Bugzilla▶
CVE-2018-10844 gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls [fedora-all]↗2018-08-21
Bugzilla▶
CVE-2018-10844 gnutls30: gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls [epel-all]↗2018-08-21
Bugzilla▶
CVE-2018-10844 mingw-gnutls: gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls [epel-all]↗2018-08-21
Bugzilla▶
CVE-2018-10844 gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls↗2018-05-25