Gnutls: timing side-channel in the rsa-psk authentication
CVE-2023-5981

5.9MEDIUM

Summary

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

Affected Version(s)

Red Hat Enterprise Linux 8 0:3.6.16-8.el8_9

Red Hat Enterprise Linux 8 0:3.6.16-8.el8_9

Red Hat Enterprise Linux 8.6 Extended Update Support 0:3.6.16-5.el8_6.2

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Daiki Ueno (Red Hat).
.