Gnutls: timing side-channel in the rsa-psk authentication
CVE-2023-5981
5.9MEDIUM
Key Information:
- Vendor
- Red Hat
- Status
- Vendor
- CVE Published:
- 28 November 2023
Summary
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
Affected Version(s)
Red Hat Enterprise Linux 8 0:3.6.16-8.el8_9
Red Hat Enterprise Linux 8 0:3.6.16-8.el8_9
Red Hat Enterprise Linux 8.6 Extended Update Support 0:3.6.16-5.el8_6.2
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered by Daiki Ueno (Red Hat).