| Vulnerability Name: | CVE-2023-0361 (CCN-247680) | ||||||||||||||||||
| Assigned: | 2023-01-20 | ||||||||||||||||||
| Published: | 2023-01-20 | ||||||||||||||||||
| Updated: | 2023-07-25 | ||||||||||||||||||
| Summary: | GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing side-channel flaw in the handling of RSA ClientKeyExchange messages. By recovering the secret from the ClientKeyExchange message, an attacker could exploit this vulnerability to decrypt the application data exchanged over that connection, and use this information to launch further attacks against the affected system. | ||||||||||||||||||
| CVSS v3 Severity: | 7.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) 6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C)
5.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C)
6.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C)
| ||||||||||||||||||
| CVSS v2 Severity: | 5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N)
| ||||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2023-0361 Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: CCN Type: Red Hat Bugzilla Bug 2162596 (CVE-2023-0361) - CVE-2023-0361 gnutls: timing side-channel in the TLS RSA key exchange code Source: XF Type: UNKNOWN guntls-cve20230361-info-disc(247680) Source: secalert@redhat.com Type: Issue Tracking, Patch secalert@redhat.com Source: CCN Type: GnuTLS GIT Repository Timing sidechannel in RSA decryption Source: secalert@redhat.com Type: Exploit, Issue Tracking, Vendor Advisory secalert@redhat.com Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com Source: CCN Type: Packet Storm Security [02-10-2023] GNU Transport Layer Security Library 3.7.9 Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: IBM Security Bulletin 6986323 (MQ Operator) IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, openssl, gnutls, libarchive and libsepol | ||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||
| Oval Definitions | |||||||||||||||||||
| |||||||||||||||||||
| BACK | |||||||||||||||||||