CVE-2026-5419

EUVD-2026-33755
A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Debian logo
Debian Releases
Debian Product
Codename
gnutls28
bookworm
3.7.9-2+deb12u7
fixed
bookworm (security)
3.7.9-2+deb12u7
fixed
bullseye
3.7.1-5+deb11u5
fixed
bullseye (security)
3.7.1-5+deb11u10
fixed
forky
3.8.13-1
fixed
sid
3.8.13-1
fixed
trixie
3.8.9-3+deb13u4
fixed
trixie (security)
3.8.9-3+deb13u4
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gnutls
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
libgnutls-devel
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
libgnutls30
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
libgnutls30-32bit
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
libgnutlsxx-devel
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
libgnutlsxx30
suse enterprise desktop 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise sap 15 SP7
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP6
3.8.3-150600.4.20.1
fixed
suse enterprise server 15 SP7
3.8.3-150600.4.20.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
gnutls
RHEL 9
0:3.8.10-4.el9_8
fixed
gnutls-c
RHEL 9
0:3.8.10-4.el9_8
fixed
gnutls-dane
RHEL 9
0:3.8.10-4.el9_8
fixed
gnutls-devel
RHEL 9
0:3.8.10-4.el9_8
fixed
gnutls-utils
RHEL 9
0:3.8.10-4.el9_8
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
gnutls
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-c++
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-c++-debuginfo
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-dane
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-dane-debuginfo
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-debuginfo
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-debugsource
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-devel
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-utils
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
gnutls-utils-debuginfo
Amazon Linux 2023
0:3.8.10-4.amzn2023.0.2
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
gnutls
Azure Linux 3.0
0:3.8.13-1.azl3
fixed