Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2018-10844

Disclosure Date: August 22, 2018
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.9 Medium
Impact Score:
3.6
Exploitability Score:
2.2
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Vendors

  • canonical,
  • debian,
  • fedoraproject,
  • gnu,
  • redhat

Products

  • debian linux 8.0,
  • enterprise linux desktop 7.0,
  • enterprise linux server 7.0,
  • enterprise linux workstation 7.0,
  • fedora 31,
  • fedora 32,
  • gnutls,
  • ubuntu linux 16.04,
  • ubuntu linux 18.04,
  • ubuntu linux 18.10,
  • ubuntu linux 19.04

Additional Info

Technical Analysis