CVE-2026-5419— Guntls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal
Possible ATT&CK Techniques 1AI
T1530 · Data from Cloud StorageGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-5419
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Guntls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过时间差异性导致的信息暴露
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | 0:3.8.10-4.el10_2 ~ * | cpe:/o:redhat:enterprise_linux:10.2 | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 | |
| Red Hat | Red Hat Hardened Images | - | cpe:/a:redhat:hummingbird:1 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
II. Public POCs for CVE-2026-5419
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-5419
请登录查看更多情报信息。
Other References for CVE-2026-5419 (2)
Same Patch Batch · Red Hat · 2026-06-01 · 5 CVEs total
| CVE-2026-43958 | 7.8 HIGH | Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service |
| CVE-2026-10118 | 7.8 HIGH | Poppler: integer overflow in poppler splashoutputdev::tilingpatternfill leads to heap buff |
| CVE-2026-10517 | 5.8 MEDIUM | Clair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconna |
| CVE-2026-10533 | 5.0 MEDIUM | Openshift: openshift: non-admin user can bypass resourcequota and flood etcd with events c |
IV. Related Vulnerabilities
Same product: Red Hat Enterprise Linux 10
- CVE-2026-43958
Rrdtool: rrdtool: stack buffer overflow allows local code ex - CVE-2026-10118
Poppler: integer overflow in poppler splashoutputdev::tiling - CVE-2026-6324
Libsoup: libsoup: http request smuggling via unsigned to sig - CVE-2026-10028
Glib-networking: infinite loop in glib-networking gnutls bac - CVE-2026-4408
Samba: remote code execution in samr
Same vendor: Red Hat
- CVE-2026-1784
Ose-cluster-ingress-operator: remote code execution through - CVE-2026-43958
Rrdtool: rrdtool: stack buffer overflow allows local code ex - CVE-2026-10118
Poppler: integer overflow in poppler splashoutputdev::tiling - CVE-2026-10533
Openshift: openshift: non-admin user can bypass resourcequot - CVE-2026-10517
Clair: clair: unauthenticated ssrf via manifest layer uri en
V. Comments for CVE-2026-5419
No comments yet