CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
57.1%
The GnuTLS project reports:
A vulnerability was found that the response times to malformed RSA
ciphertexts in ClientKeyExchange differ from response times of
ciphertexts with correct PKCS#1 v1.5 padding. Only TLS ciphertext
processing is affected.