← Back to CVEs
CVE-2023-0361
HIGH7.4
Description
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
CVE Details
CVSS v3.1 Score7.4
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published2/15/2023
Last Modified3/19/2025
Sourcenvd
Honeypot Sightings0
Affected Products
debian:debian_linuxfedoraproject:fedoragnu:gnutlsnetapp:active_iq_unified_managernetapp:converged_systems_advisor_agentnetapp:ontap_select_deploy_administration_utilityredhat:enterprise_linux
Weaknesses (CWE)
CWE-203CWE-203
References
https://access.redhat.com/security/cve/CVE-2023-0361(secalert@redhat.com)
https://github.com/tlsfuzzer/tlsfuzzer/pull/679(secalert@redhat.com)
https://gitlab.com/gnutls/gnutls/-/issues/1050(secalert@redhat.com)
https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/(secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20230324-0005/(secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20230725-0005/(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2023-0361(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tlsfuzzer/tlsfuzzer/pull/679(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gnutls/gnutls/-/issues/1050(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230324-0005/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230725-0005/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.