CVE-2018-10846

Summary

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]gnutlsn/aaffected

Weaknesses

  • CWE-385: CWE-385

ADP Enrichment

CVE Program Container

Additional References

References