Problemunvalidated
a timing side-channel vulnerability exists in _gnutls_srtp_recv_params() — When parsing DTLS ClientHello SRTP extension profiles. Tension: the server uses a non-constant-time nested loop. Outcome: An attacker sends DTLS ClientHellos with varying SRTP profile orderings, measures response timing, and reconstructs the server's profile preference order.
d2eafca4-7389-4200-9b99-151c49dac36c
a timing side-channel vulnerability exists in _gnutls_srtp_recv_params() — When parsing DTLS ClientHello SRTP extension profiles. Tension: the server uses a non-constant-time nested loop. Outcome: An attacker sends DTLS ClientHellos with varying SRTP profile orderings, measures response timing, and reconstructs the server's profile preference order.