7.4
CVE-2023-0361
- EPSS 1.2%
- Published 15.02.2023 18:15:11
- Last modified 19.03.2025 18:15:18
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Debian ≫ Debian Linux Version10.0
Fedoraproject ≫ Fedora Version36
Fedoraproject ≫ Fedora Version37
Fedoraproject ≫ Fedora Version38
Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere
Netapp ≫ Converged Systems Advisor Agent Version-
Netapp ≫ Ontap Select Deploy Administration Utility Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.2% | 0.782 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-203 Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.