CVE-2024-0553

Published: Jan 16, 2024

Modified: Mar 24, 2026

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Vendor	Product	Versions
Unknown	gnutls	affected `3.8.0 - < 3.8.3`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:3.6.16-8.el8_9.1 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:3.6.16-8.el8_9.1 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support	unaffected `0:3.6.16-5.el8_6.3 - < *`
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	unaffected `0:3.6.16-7.el8_8.2 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:3.7.6-23.el9_3.3 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:3.7.6-23.el9_3.3 - < *`
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	unaffected `0:3.7.6-21.el9_2.2 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-37 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-68 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-158 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-39 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-58 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-158 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-13 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-81 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-158 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-79 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-22 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-57 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-6 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-158 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-15 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-15 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-54 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-158 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-10 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-26 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-158 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-19 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-158 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-158 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-21 - < *`
Red Hat	RHODF-4.15-RHEL-9	unaffected `v4.15.0-103 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v5.8.6-22 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v5.8.6-11 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v6.8.1-407 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v5.8.6-19 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v1.0.0-479 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v5.8.6-7 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v0.4.0-247 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v5.8.6-5 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v1.1.0-227 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v5.8.1-470 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v2.9.6-14 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v5.8.6-2 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v5.8.6-24 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v5.8.6-10 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v0.1.0-525 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v0.1.0-224 - < *`
Red Hat	RHOL-5.8-RHEL-9	unaffected `v0.28.1-56 - < *`
Red Hat	Red Hat Enterprise Linux 6	All versions
Red Hat	Red Hat Enterprise Linux 7	All versions