CVE-2024-28834 MEDIUM

CVE-2024-28834: Gnutls: vulnerable to minerva side-channel information leak

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-327 · Broken crypto
Published March 21, 2024
Last update November 6, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

Key dates

02Disclosure timeline

March 21, 2024 CVE published
November 6, 2025 Record updated