Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-0361

Опубликовано: 15 фев. 2023
Источник: nvd
CVSS3: 7.4
EPSS Низкий

Описание

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:gnu:gnutls:3.6.8-11.el8_2:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:converged_systems_advisor_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

EPSS

Процентиль: 88%
0.03615
Низкий

7.4 High

CVSS3

Дефекты

CWE-203
CWE-203

Связанные уязвимости

ubuntu логотип

CVE-2023-0361

CVSS3: 7.4
ubuntu
около 3 лет назад

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

redhat логотип

CVE-2023-0361

CVSS3: 7.4
redhat
около 3 лет назад

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

msrc логотип

CVE-2023-0361

CVSS3: 7.4
msrc
около 3 лет назад

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message the attacker would be able to decrypt the application data exchanged over that connection.

debian логотип

CVE-2023-0361

CVSS3: 7.4
debian
около 3 лет назад

A timing side-channel in the handling of RSA ClientKeyExchange message ...

suse-cvrf логотип

SUSE-SU-2023:0610-1

suse-cvrf
около 3 лет назад

Security update for gnutls

EPSS

Процентиль: 88%
0.03615
Низкий

7.4 High

CVSS3

Дефекты

CWE-203
CWE-203