CVE-2024-0553

Summary

CVE-2024-0553 is a vulnerability affecting GnuTLS that involves inconsistent response times to malformed and correctly padded RSA-PSK ClientKeyExchange messages. This issue creates an opportunity for remote attackers to execute timing side-channel attacks on the RSA-PSK key exchange, potentially exposing sensitive data. While CVE-2024-0553 is considered an incomplete resolution for CVE-2023-5981, it highlights the importance of addressing timing side-channel vulnerabilities in secure communication protocols.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.