← Retour aux CVEs
CVE-2023-0361
HIGH7.4
Description
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
Details CVE
Score CVSS v3.17.4
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vecteur d'attaqueNETWORK
ComplexiteHIGH
Privileges requisNONE
Interaction utilisateurNONE
Publie2/15/2023
Derniere modification3/19/2025
Sourcenvd
Observations honeypot0
Produits affectes
debian:debian_linuxfedoraproject:fedoragnu:gnutlsnetapp:active_iq_unified_managernetapp:converged_systems_advisor_agentnetapp:ontap_select_deploy_administration_utilityredhat:enterprise_linux
Faiblesses (CWE)
CWE-203CWE-203
References
https://access.redhat.com/security/cve/CVE-2023-0361(secalert@redhat.com)
https://github.com/tlsfuzzer/tlsfuzzer/pull/679(secalert@redhat.com)
https://gitlab.com/gnutls/gnutls/-/issues/1050(secalert@redhat.com)
https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/(secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20230324-0005/(secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20230725-0005/(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2023-0361(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tlsfuzzer/tlsfuzzer/pull/679(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gnutls/gnutls/-/issues/1050(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230324-0005/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230725-0005/(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.