CVE-2024-0553 in GnuTLS
Summary
by MITRE • 01/16/2024
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 02/26/2026
The vulnerability identified as CVE-2024-0553 represents a critical timing side-channel weakness in the GnuTLS cryptographic library that specifically affects the RSA-PSK (RSA Pre-Shared Key) ClientKeyExchange mechanism. This flaw exploits differences in computational response times when processing malformed ciphertexts versus properly formatted ones with correct PKCS#1 v1.5 padding. The timing variations occur during the cryptographic operations performed during the key exchange phase, creating observable patterns that can be exploited by remote attackers to infer sensitive information about the cryptographic keys or session data.
The technical implementation of this vulnerability stems from the inconsistent execution paths within GnuTLS's RSA-PSK key exchange handling. When the library processes a malformed RSA-PSK ClientKeyExchange message, the cryptographic operations take different amounts of time compared to when valid padding is present. This timing discrepancy arises from the underlying implementation where error conditions and malformed input processing follow different code paths that execute with varying computational overhead. The flaw manifests specifically during the validation and decryption phases of the RSA-PSK exchange, where the library's response timing varies based on whether the padding structure is correct, creating measurable differences that can be amplified through repeated observations.
From an operational perspective, this vulnerability poses significant risks to systems relying on GnuTLS for secure communications, particularly in environments where RSA-PSK key exchange is employed. Attackers can leverage this timing side-channel to perform sophisticated cryptanalysis attacks that gradually reveal information about the cryptographic keys or session parameters. The attack typically involves sending multiple malformed ciphertexts and measuring the response times to infer padding structure information, which can ultimately lead to complete key recovery in some scenarios. This vulnerability affects the confidentiality of communications and can potentially compromise the integrity of the entire cryptographic session, making it particularly dangerous for applications handling sensitive data or requiring strong authentication mechanisms.
The mitigation strategies for CVE-2024-0553 primarily involve updating to patched versions of GnuTLS where the timing inconsistencies have been eliminated through consistent cryptographic operation timing. Organizations should prioritize updating their GnuTLS implementations to versions that address this specific timing side-channel weakness, as the vulnerability affects the core cryptographic primitives used in secure communications. Additionally, implementing constant-time cryptographic operations and ensuring that all padding validation occurs with consistent execution paths can help prevent similar vulnerabilities in future implementations. The vulnerability aligns with CWE-385, which addresses timing side-channel attacks, and maps to ATT&CK technique T1552.003 for unsecured credentials and T1071.004 for application layer protocol. System administrators should also consider implementing additional monitoring and detection mechanisms to identify potential exploitation attempts and ensure that all affected systems are properly updated to prevent potential data breaches or credential compromise scenarios.