CVE-2023-5981

Опубликовано: 28 нояб. 2023

Источник: debian

EPSS Низкий

Описание

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
gnutls28	fixed	3.8.2-1		package
gnutls28	fixed	3.7.9-2+deb12u1	bookworm	package
gnutls28	fixed	3.7.1-5+deb11u4	bullseye	package

Примечания

https://gitlab.com/gnutls/gnutls/-/issues/1511
https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
https://lists.gnupg.org/pipermail/gnutls-help/2023-November/004837.html
Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/29d6298d0b04cfff970b993915db71ba3f580b6d (3.8.2)
Fixing this issue incompletely opens up CVE-2024-0553

EPSS

Процентиль: 67%

0.00561

Низкий

Связанные уязвимости

CVE-2023-5981

CVSS3: 5.9

ubuntu

больше 1 года назад

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

CVE-2023-5981

CVSS3: 5.9

redhat

больше 1 года назад

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

CVE-2023-5981

CVSS3: 5.9

nvd

больше 1 года назад

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

CVE-2023-5981

CVSS3: 5.9

msrc

8 месяцев назад

Описание отсутствует

SUSE-SU-2023:4986-1

suse-cvrf

больше 1 года назад

Security update for gnutls

EPSS

Процентиль: 67%

0.00561

Низкий