A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 04:00
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
25 Jul 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 May 2023, 17:22
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject fedora
Netapp active Iq Unified Manager Netapp converged Systems Advisor Agent Netapp ontap Select Deploy Administration Utility Fedoraproject Netapp |
|
CPE | cpe:2.3:a:netapp:converged_systems_advisor_agent:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.4 |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20230324-0005/ - Third Party Advisory |
24 Mar 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Mar 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Mar 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Mar 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Feb 2023, 18:58
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat enterprise Linux
Redhat Gnu Debian Debian debian Linux Gnu gnutls |
|
CWE | CWE-203 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:gnu:gnutls:3.6.8-11.el8_2:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
|
References | (MISC) https://github.com/tlsfuzzer/tlsfuzzer/pull/679 - Issue Tracking, Patch | |
References | (MISC) https://gitlab.com/gnutls/gnutls/-/issues/1050 - Exploit, Issue Tracking, Vendor Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html - Mailing List, Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-0361 - Third Party Advisory |
18 Feb 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Feb 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-15 18:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-0361
Mitre link : CVE-2023-0361
CVE.ORG link : CVE-2023-0361
JSON object : View
Products Affected
netapp
- ontap_select_deploy_administration_utility
- active_iq_unified_manager
- converged_systems_advisor_agent
redhat
- enterprise_linux
gnu
- gnutls
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-203
Observable Discrepancy