Lucene search

[email protected]NVD:CVE-2023-0361

HistoryFeb 15, 2023 - 6:15 p.m.

CVE-2023-0361

2023-02-1518:15:11

CWE-203

[email protected]

web.nvd.nist.gov

timing side-channel

rsa

gnutls

bleichenbacher style attack

decryption

clientkeyexchange

application data

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

57.1%

JSON

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

Affected configurations

Nvd

Node

gnugnutlsMatch3.6.8-11.el8_2

Node

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

Node

debiandebian_linuxMatch10.0

Node

fedoraprojectfedoraMatch36

fedoraprojectfedoraMatch37

fedoraprojectfedoraMatch38

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

netappconverged_systems_advisor_agentMatch-

netappontap_select_deploy_administration_utilityMatch-

VendorProductVersionCPE
gnugnutls3.6.8-11.el8_2cpe:2.3:a:gnu:gnutls:3.6.8-11.el8_2:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhatenterprise_linux9.0cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
fedoraprojectfedora36cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
fedoraprojectfedora37cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
fedoraprojectfedora38cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
netappconverged_systems_advisor_agent-cpe:2.3:a:netapp:converged_systems_advisor_agent:-:*:*:*:*:*:*:*
netappontap_select_deploy_administration_utility-cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	gnutls	3.6.8-11.el8_2	cpe:2.3:a:gnu:gnutls:3.6.8-11.el8_2:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
redhat	enterprise_linux	9.0	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
fedoraproject	fedora	36	cpe:2.3:o:fedoraproject:fedora:36:::::::*
fedoraproject	fedora	37	cpe:2.3:o:fedoraproject:fedora:37:::::::*
fedoraproject	fedora	38	cpe:2.3:o:fedoraproject:fedora:38:::::::*
netapp	active_iq_unified_manager	-	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
netapp	converged_systems_advisor_agent	-	cpe:2.3:a:netapp:converged_systems_advisor_agent:-:::::::*
netapp	ontap_select_deploy_administration_utility	-	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*