CVE-2026-5419
published 2026-06-01CVE-2026-5419: A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote…
low3.7CVSS 3.1
AVNACHPRNUINSUCLINAN
A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnu | gnutls | — | — |
| ubuntu | gnutls28 | — | — |