7.4

CVE-2023-0361

Exploit
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGnutls Version3.6.8-11.el8_2
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
DebianDebian Linux Version10.0
FedoraprojectFedora Version36
FedoraprojectFedora Version37
FedoraprojectFedora Version38
NetappActive Iq Unified Manager Version- SwPlatformvmware_vsphere
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.4% 0.69
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.4 2.2 5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.4 2.2 5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

https://access.redhat.com/security/cve/CVE-2023-0361
Third Party Advisory
https://github.com/tlsfuzzer/tlsfuzzer/pull/679
Patch
Issue Tracking
https://gitlab.com/gnutls/gnutls/-/issues/1050
Vendor Advisory
Exploit
Issue Tracking
https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/
https://security.netapp.com/advisory/ntap-20230324-0005/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230725-0005/