PT-2023-8678 · Gnutls+10 · Gnutls+10

Daiki Ueno

Publicado

2023-10-23

Atualizado

2026-05-26

CVE-2023-5981

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GnuTLS (affected versions not specified)

Description A vulnerability was found related to the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange, which differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue is associated with information disclosure through inconsistency. Exploitation of the vulnerability may allow a remote attacker to access confidential data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Side Channel Attack

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-203CWE-208

Identificadores relacionados

ALSA-2024:0155

ALSA-2024:0533

ALSA-2024:0627

ALT-PU-2023-7522

ALT-PU-2023-7523

ALT-PU-2023-7808

ALT-PU-2024-1572

ALT-PU-2024-1574

AZL-32048

BDU:2024-01500

CESA-2024_0155

CVE-2023-5981

DLA-3660-1

DLA-3740-1

JLSEC-2026-524

MGASA-2024-0008

OESA-2023-1867

OPENSUSE-SU-2023_4983-1

OPENSUSE-SU-2024:13444-1

RHSA-2024:0155

RHSA-2024:0319

RHSA-2024:0399

RHSA-2024:0451

RHSA-2024:0533

RHSA-2024_0155

RHSA-2024_0533

RLSA-2024:0155

SUSE-SU-2023:4952-1

SUSE-SU-2023:4983-1

SUSE-SU-2023:4986-1

SUSE-SU-2023_4983-1

SUSE-SU-2023_4986-1

SUSE-SU-2024:0860-1

SUSE-SU-2024:1179-1

SUSE-SU-2024_0860-1

USN-6499-1

USN-6499-2

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Gnutls

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2023-8678 · Gnutls+10 · Gnutls+10

CVE-2023-5981

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 117