VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-96eb-39cr-8ye6

Essentials
Severities (37)
References (34)
Severity details (22)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-96eb-39cr-8ye6
Aliases	CVE-2024-28834 GNUTLS-SA-2023-12-04
Summary	A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
Status	Published
Exploitability	0.5
Weighted Severity	4.8
Risk	2.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

System	Score	Found at
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:1784
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:1784
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:1879
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:1879
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:1997
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:1997
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:2044
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:2044
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:2570
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:2570
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:2889
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:2889
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28834.json
cvssv3.1	5.3	https://access.redhat.com/security/cve/CVE-2024-28834
ssvc	Track	https://access.redhat.com/security/cve/CVE-2024-28834
epss	0.01138	https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss	0.01138	https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss	0.01138	https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss	0.01138	https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss	0.01138	https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss	0.0117	https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss	0.0117	https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss	0.0117	https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss	0.0117	https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss	0.01539	https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss	0.01539	https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss	0.01539	https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss	0.01539	https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss	0.01539	https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss	0.01539	https://api.first.org/data/v1/epss?cve=CVE-2024-28834
cvssv3.1	5.3	https://bugzilla.redhat.com/show_bug.cgi?id=2269228
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2269228
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.3	https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
ssvc	Track	https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
cvssv3.1	5.3	https://minerva.crocs.fi.muni.cz/
ssvc	Track	https://minerva.crocs.fi.muni.cz/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28834.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-28834
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28834
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://security.netapp.com/advisory/ntap-20240524-0004/
		http://www.openwall.com/lists/oss-security/2024/03/22/1
		http://www.openwall.com/lists/oss-security/2024/03/22/2
004845.html		https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
1067464		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067464
cpe:/a:redhat:enterprise_linux:8::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:9::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:rhel_eus:8.6::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream
cpe:/a:redhat:rhel_eus:8.8::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream
cpe:/a:redhat:rhel_eus:9.2::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream
cpe:/o:redhat:enterprise_linux:10		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
cpe:/o:redhat:rhel_eus:8.6::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.6::baseos
cpe:/o:redhat:rhel_eus:8.8::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos
cpe:/o:redhat:rhel_eus:9.2::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos
CVE-2024-28834		https://access.redhat.com/security/cve/CVE-2024-28834
CVE-2024-28834		https://nvd.nist.gov/vuln/detail/CVE-2024-28834
minerva.crocs.fi.muni.cz		https://minerva.crocs.fi.muni.cz/
RHSA-2024:1784		https://access.redhat.com/errata/RHSA-2024:1784
RHSA-2024:1879		https://access.redhat.com/errata/RHSA-2024:1879
RHSA-2024:1997		https://access.redhat.com/errata/RHSA-2024:1997
RHSA-2024:2044		https://access.redhat.com/errata/RHSA-2024:2044
RHSA-2024:2570		https://access.redhat.com/errata/RHSA-2024:2570
RHSA-2024:2889		https://access.redhat.com/errata/RHSA-2024:2889
show_bug.cgi?id=2269228		https://bugzilla.redhat.com/show_bug.cgi?id=2269228
USN-6733-1		https://usn.ubuntu.com/6733-1/
USN-6733-2		https://usn.ubuntu.com/6733-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1784

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:1784

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1879

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:1879

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1997

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:1997

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:2044

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:2044

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:2570

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:2570

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:2889

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:2889

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28834.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/security/cve/CVE-2024-28834

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://access.redhat.com/security/cve/CVE-2024-28834

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2269228

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2269228

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://minerva.crocs.fi.muni.cz/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://minerva.crocs.fi.muni.cz/

Exploit Prediction Scoring System (EPSS)

Percentile	0.77519
EPSS Score	0.01138
Published At	Aug. 4, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:36:26.482217+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.19/main.json	37.0.0