CVE-2018-10845
Severity
5.9MEDIUM
EPSS
0.6%
top 31.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 22
Latest updateMay 13
Description
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6
Affected Packages7 packages
Also affects: Debian Linux 8.0, Fedora 31, 32, Ubuntu Linux 16.04, 18.04, 18.10, 19.04
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-m5px-2q2g-hxc2: It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack↗2022-05-13
CVEList▶
CVE-2018-10845: It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack↗2018-08-22
OSV▶
CVE-2018-10845: It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack↗2018-08-22
📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2018-10845 mingw-gnutls: gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant [fedora-all]↗2018-08-21
Bugzilla▶
CVE-2018-10845 mingw-gnutls: gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant [epel-all]↗2018-08-21
Bugzilla▶
CVE-2018-10845 gnutls30: gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant [epel-all]↗2018-08-21
Bugzilla▶
CVE-2018-10845 gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant [fedora-all]↗2018-08-21
Bugzilla▶
CVE-2018-10845 gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant↗2018-05-25