CVE-2023-5981
MEDIUMGnuTLS - Timing Side-Channel in RSA-PSK ClientKeyExchange
Title source: llmDescription
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
References (14)
Core 14
Core References
Issue Tracking, Vendor Advisory
https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0155
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0319
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0399
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0451
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0533
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1383
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2094
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-5981
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2248445
Scores
CVSS v3
5.9
EPSS
0.0126
EPSS Percentile
65.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-203
CWE-208
Status
published
Products (7)
debian/debian_linux
10.0
fedoraproject/fedora
37
fedoraproject/fedora
38
gnu/gnutls
1.5.0
gnu/gnutls
< 3.8.2
redhat/linux
8.0
redhat/linux
9.0
Published
Nov 28, 2023
Tracked Since
Feb 18, 2026