Pkcs11-provider: side-channel proofing pkcs#1 1.5 paths
CVE-2023-6258

8.1HIGH

Key Information:

Vendor: Fedora
Status: pkcs11-provider; Fedora
Vendor: CVE Published:; 30 January 2024

What is CVE-2023-6258?

A security vulnerability identified in the pkcs11-provider can lead to a Bleichenbacher-like flaw, allowing potential exploitation through side-channel attacks on PKCS#1 1.5 decryption methods. This issue underpins the necessity for an heightened focus on cryptographic standards and implementation practices to shield against unauthorized access and breach attempts.

Affected Version(s)

pkcs11-provider 0.2

References

https://bugzilla.redhat.com/show_bug.cgi?id=2251062

issue-trackingx_refsource_REDHAT

https://github.com/latchset/pkcs11-provider/pull/308

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2024
Vulnerability Reserved
Nov 22, 2023

Fedora

What is CVE-2023-6258?

Affected Version(s)

References

CVSS V3.1

Timeline