CVE-2018-10846
Severity
5.6MEDIUM
EPSS
0.0%
top 97.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 22
Latest updateMay 13
Description
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0
Affected Packages7 packages
Also affects: Debian Linux 8.0, Fedora 31, 32, Ubuntu Linux 16.04, 18.04, 18.10, 19.04
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-qgw6-cgvx-vw2g: A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found↗2022-05-13
CVEList▶
CVE-2018-10846: A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found↗2018-08-22
OSV▶
CVE-2018-10846: A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found↗2018-08-22
💥Exploits & PoCs
1📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2018-10846 gnutls30: gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery [epel-all]↗2018-08-21
Bugzilla▶
CVE-2018-10846 gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery [fedora-all]↗2018-08-21
Bugzilla▶
CVE-2018-10846 mingw-gnutls: gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery [fedora-all]↗2018-08-21
Bugzilla▶
CVE-2018-10846 mingw-gnutls: gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery [epel-all]↗2018-08-21
Bugzilla▶
CVE-2018-10846 gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery↗2018-05-25