GCVE - cpe:2.3:a:[unknown]:gnutls:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:[unknown]:gnutls:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	[Unknown] (`5b07108a-8f0c-5d28-ab99-c4ff62adb460`)
Product	Gnutls (`822bda34-3a12-5b40-b642-bda6965efa98`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-16868`	vulnerable	2026-06-03 14:38:21.149049	Details available MEDIUM (4.7) A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. Published: 2018-12-03T14:00:00.000Z Updated: 2024-08-05T10:32:54.146Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/106080 http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html http://cat.eyalro.net/ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-10846`	vulnerable	2026-06-03 14:38:00.267031	Details available MEDIUM (5.3) A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. Published: 2018-08-22T13:00:00.000Z Updated: 2024-08-05T07:46:47.512Z Open on db.gcve.eu Reference links https://eprint.iacr.org/2018/747 https://gitlab.com/gnutls/gnutls/merge_requests/657 https://access.redhat.com/errata/RHSA-2018:3505 http://www.securityfocus.com/bid/105138 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-10845`	vulnerable	2026-06-03 14:38:00.266335	Details available MEDIUM (5.9) It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. Published: 2018-08-22T13:00:00.000Z Updated: 2024-08-05T07:46:47.470Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845 https://eprint.iacr.org/2018/747 https://gitlab.com/gnutls/gnutls/merge_requests/657 https://access.redhat.com/errata/RHSA-2018:3505 http://www.securityfocus.com/bid/105138	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-10844`	vulnerable	2026-06-03 14:38:00.263799	Details available MEDIUM (5.9) It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. Published: 2018-08-22T13:00:00.000Z Updated: 2024-08-05T07:46:46.944Z Open on db.gcve.eu Reference links https://eprint.iacr.org/2018/747 https://gitlab.com/gnutls/gnutls/merge_requests/657 https://access.redhat.com/errata/RHSA-2018:3505 http://www.securityfocus.com/bid/105138 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.