PT-2023-8678 · Gnutls+10

Daiki Ueno +1 · Published 2023-10-23 · Updated 2026-05-26 · CVE-2023-5981

CVSS v3.1: 5.9 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GnuTLS (affected versions not specified)

Description

In GnuTLS, the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times to ciphertexts with correct PKCS#1 v1.5 padding. This issue is associated with information disclosure through inconsistency. Exploitation of the vulnerability may allow a remote attacker to access confidential data.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Side Channel Attack

Weakness Enumeration

Related Identifiers

ALSA-2024:0155
ALSA-2024:0533
ALSA-2024:0627
ALT-PU-2023-7522
ALT-PU-2023-7523
ALT-PU-2023-7808
ALT-PU-2024-1572
ALT-PU-2024-1574
AZL-32048
BDU:2024-01500
CESA-2024_0155
CVE-2023-5981
DLA-3660-1
DLA-3740-1
JLSEC-2026-524
MGASA-2024-0008
OESA-2023-1867
OPENSUSE-SU-2023_4983-1
OPENSUSE-SU-2024:13444-1
RHSA-2024:0155
RHSA-2024:0319
RHSA-2024:0399
RHSA-2024:0451
RHSA-2024:0533
RHSA-2024_0155
RHSA-2024_0533
RLSA-2024:0155
SUSE-SU-2023:4952-1
SUSE-SU-2023:4983-1
SUSE-SU-2023:4986-1
SUSE-SU-2023_4983-1
SUSE-SU-2023_4986-1
SUSE-SU-2024:0860-1
SUSE-SU-2024:1179-1
SUSE-SU-2024_0860-1
USN-6499-1
USN-6499-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Gnutls
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu