Vulnerability details: VCID-swus-ze2b-kugb
Vulnerability ID VCID-swus-ze2b-kugb
Aliases CVE-2024-0553
Summary A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:0533
ssvc Track https://access.redhat.com/errata/RHSA-2024:0533
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:0627
ssvc Track https://access.redhat.com/errata/RHSA-2024:0627
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:0796
ssvc Track https://access.redhat.com/errata/RHSA-2024:0796
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1082
ssvc Track https://access.redhat.com/errata/RHSA-2024:1082
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1108
ssvc Track https://access.redhat.com/errata/RHSA-2024:1108
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1383
ssvc Track https://access.redhat.com/errata/RHSA-2024:1383
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:2094
ssvc Track https://access.redhat.com/errata/RHSA-2024:2094
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0553.json
cvssv3.1 7.5 https://access.redhat.com/security/cve/CVE-2024-0553
ssvc Track https://access.redhat.com/security/cve/CVE-2024-0553
epss 0.00885 https://api.first.org/data/v1/epss?cve=CVE-2024-0553
epss 0.01029 https://api.first.org/data/v1/epss?cve=CVE-2024-0553
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=2258412
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2258412
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://gitlab.com/gnutls/gnutls/-/issues/1522
ssvc Track https://gitlab.com/gnutls/gnutls/-/issues/1522
cvssv3.1 7.5 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
ssvc Track https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-0553
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0553.json
https://api.first.org/data/v1/epss?cve=CVE-2024-0553
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0553
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
https://security.netapp.com/advisory/ntap-20240202-0011/
http://www.openwall.com/lists/oss-security/2024/01/19/3
004841.html https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
1061046 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046
1522 https://gitlab.com/gnutls/gnutls/-/issues/1522
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:/a:redhat:enterprise_linux:8::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:logging:5.8::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:logging:5.8::el9
cpe:/a:redhat:openshift_data_foundation:4.15::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_data_foundation:4.15::el9
cpe:/a:redhat:rhel_eus:8.6::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream
cpe:/a:redhat:rhel_eus:8.8::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream
cpe:/a:redhat:rhel_eus:9.2::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
cpe:/o:redhat:rhel_eus:8.6::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.6::baseos
cpe:/o:redhat:rhel_eus:8.8::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos
cpe:/o:redhat:rhel_eus:9.2::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos
CVE-2024-0553 https://access.redhat.com/security/cve/CVE-2024-0553
CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553
RHSA-2024:0533 https://access.redhat.com/errata/RHSA-2024:0533
RHSA-2024:0627 https://access.redhat.com/errata/RHSA-2024:0627
RHSA-2024:0796 https://access.redhat.com/errata/RHSA-2024:0796
RHSA-2024:1082 https://access.redhat.com/errata/RHSA-2024:1082
RHSA-2024:1108 https://access.redhat.com/errata/RHSA-2024:1108
RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:1383
RHSA-2024:2094 https://access.redhat.com/errata/RHSA-2024:2094
show_bug.cgi?id=2258412 https://bugzilla.redhat.com/show_bug.cgi?id=2258412
USN-6593-1 https://usn.ubuntu.com/6593-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:0533
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T15:03:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:0533
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:0627
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T15:03:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:0627
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:0796
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T15:03:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:0796
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1082
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T15:03:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:1082
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1108
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T15:03:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:1108
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1383
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T15:03:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:1383
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:2094
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T15:03:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:2094
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0553.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/security/cve/CVE-2024-0553
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T15:03:37Z/ Found at https://access.redhat.com/security/cve/CVE-2024-0553
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2258412
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T15:03:37Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2258412
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://gitlab.com/gnutls/gnutls/-/issues/1522
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T15:03:37Z/ Found at https://gitlab.com/gnutls/gnutls/-/issues/1522
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T15:03:37Z/ Found at https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-0553
Exploit Prediction Scoring System (EPSS)
Percentile 0.74471
EPSS Score 0.00885
Published At Aug. 16, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:30:22.699705+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/edge/main.json 37.0.0