Showing 1 - 5 of 5

CVE-2023-0361

Status Candidate

Overview

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

Related Files

Red Hat Security Advisory 2023-1200-01: Posted Mar 15, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-1200-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.; tags | advisory, protocol; systems | linux, redhat; advisories | CVE-2023-0361; SHA-256 | fb5b662c33ee92a64bb84971f213cd6f3c7fd87ed32100cc565d248ff7070eaf; Download | Favorite | View

Red Hat Security Advisory 2023-1141-01: Posted Mar 8, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-1141-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.; tags | advisory, protocol; systems | linux, redhat; advisories | CVE-2023-0361; SHA-256 | 1ced57497a6ea17e418fc7a1a6bf0322ee0feeb5220e722bcee7623682d86137; Download | Favorite | View

Ubuntu Security Notice USN-5901-1: Posted Feb 28, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5901-1 - Hubert Kario discovered that GnuTLS had a timing side-channel when handling certain RSA messages. A remote attacker could possibly use this issue to recover sensitive information.; tags | advisory, remote; systems | linux, ubuntu; advisories | CVE-2023-0361; SHA-256 | a9c617e5a096f4aaab32cbfcc28108db40b5d3024f260c3a3ea6ed1f3e9d60c4; Download | Favorite | View

Debian Security Advisory 5349-1: Posted Feb 15, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5349-1 - Hubert Kario discovered a timing side channel in the RSA decryption implementation of the GNU TLS library.; tags | advisory; systems | linux, debian; advisories | CVE-2023-0361; SHA-256 | 529cabf89a74ffee339c76aaa209fcc4e84d4aa2cdcce805499cec41c0385567; Download | Favorite | View

GNU Transport Layer Security Library 3.7.9: Posted Feb 10, 2023; Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org; GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.; Changes: Fixed a Bleichenbacher oracle in the TLS RSA key exchange for libgnutls.; tags | protocol, library; advisories | CVE-2023-0361; SHA-256 | aaa03416cdbd54eb155187b359e3ec3ed52ec73df4df35a0edd49429ff64d844; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 140 files
Ubuntu 105 files
Debian 17 files
LiquidWorm 10 files
Google Security Research 10 files
Rafael Pedrero 8 files
Abdulhakim Oner 8 files
Hubert Wojciechowski 6 files
nu11secur1ty 6 files
fearzzzz 5 files

File Archives

Systems

AIX (426)
Apple (1,951)
BSD (370)
CentOS (56)
Cisco (1,919)
Debian (6,713)
Fedora (1,691)
FreeBSD (1,242)
Gentoo (4,288)
HPUX (878)
iOS (338)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,119)
Mac OS X (684)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (12,919)
Slackware (941)
Solaris (1,609)
SUSE (1,444)
Ubuntu (8,442)
UNIX (9,207)
UnixWare (185)
Windows (6,532)
Other

CVE-2023-0361

Overview

Related Files

File Archive:

March 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems