Primary

Context

GnuTLS PKCS#7 Padding Timing Side-Channel Vulnerability Allowing Information Disclosure

Vulnerability

Patched

A timing side-channel vulnerability has been identified in GnuTLS, specifically in the PKCS#7 padding check during decryption. This flaw is not constant-time, which could enable a remote attacker to infer sensitive information about the padding bytes by exploiting observable timing differences. The vulnerability affects GnuTLS versions prior to the update included in Red Hat Enterprise Linux 10.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure by allowing an attacker to infer details about the PKCS#7 padding used in encrypted messages.

Remediation

Users can apply the GnuTLS update available in the Red Hat Enterprise Linux 10 security advisory RHSA-2026:20613 to address this vulnerability.

Added: Jun 1, 2026, 9:19 PM

Updated: Jun 1, 2026, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

0.6

exploitability

6.6

remediation

7.7

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

0.6

exploitability

6.6

remediation

7.7

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GnuTLS PKCS#7 Padding Timing Side-Channel Vulnerability Allowing Information Disclosure

Vulnerability

Impact

Remediation

Affected Products

GnuTLS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating