CVE-2023-5981

MEDIUM

Gnutls - Information Disclosure

Title source: rule

Description

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

References (14)

[Mailing List] https://lists.debian.org/debian-lts-announce/2023/11/msg00016.html

[Issue Tracking, Vendor Advisory] https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/

[Mailing List] http://www.openwall.com/lists/oss-security/2024/01/19/3

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:0155

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:0319

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:0399

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:0451

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:0533

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:1383

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:2094

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2023-5981

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2248445

Scores

CVSS v3 5.9

EPSS 0.0084

EPSS Percentile 74.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-203 CWE-208

Status published

Products (7)

debian/debian_linux 10.0

fedoraproject/fedora 37

fedoraproject/fedora 38

gnu/gnutls 1.5.0

gnu/gnutls < 3.8.2

redhat/linux 8.0

redhat/linux 9.0

Published Nov 28, 2023

Tracked Since Feb 18, 2026