← volver
CVE-2026-5419

Gnutls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal

CVSS 3.7 LOWEPSS 0.4%CWE-208
Vexday Risk Score
8Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 3.7EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
01 jun 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Productos afectados
Red Hat · Red Hat Discovery 2Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Hardened ImagesRed Hat · Red Hat OpenShift Container Platform 4Red Hat · Red Hat Update Infrastructure 5

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2026:20612https://access.redhat.com/errata/RHSA-2026:20613https://access.redhat.com/errata/RHSA-2026:26319https://access.redhat.com/errata/RHSA-2026:26409https://access.redhat.com/errata/RHSA-2026:29197https://access.redhat.com/security/cve/CVE-2026-5419https://bugzilla.redhat.com/show_bug.cgi?id=2467686https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-13