Описание
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
Ссылки
- Vendor Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingVendor Advisory
- Vendor Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00561
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-203
CWE-203
Связанные уязвимости
CVSS3: 5.9
ubuntu
больше 1 года назад
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
CVSS3: 5.9
redhat
больше 1 года назад
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
CVSS3: 5.9
debian
больше 1 года назад
A vulnerability was found that the response times to malformed ciphert ...
EPSS
Процентиль: 67%
0.00561
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-203
CWE-203