CVE-2023-5981

GnuTLS: timing side-channel in the RSA-PSK authentication

Published: 11/28/2023 Last updated: 2/25/2026 Reserved: 11/7/2023

A vulnerability was found in which the response times to malformed ciphertexts in the RSA-PSK ClientKeyExchange differ from the response times to ciphertexts with correct PKCS#1 v1.5 padding.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 5.9 Medium CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Opam packages affected (5)

conf-gnutls conf-mingw-w64-gnutls-i686 conf-mingw-w64-gnutls-x86_64 conf-srt conf-srt-gnutls

Products affected (52)

Product Vendor Version
Red Hat Enterprise Linux 8 Red Hat <= 6.15.*
Red Hat Enterprise Linux 8 Red Hat <= 6.16.*
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat <= *
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat < bc2b881a0896c111c1041d8bb1f92a3b3873ace5
Red Hat Enterprise Linux 9 Red Hat < 06da08d9355bf8e2070459bbedbe372ccc02cc0e
Red Hat Enterprise Linux 9 Red Hat < b62a59c18b692f892dcb8109c1c2e653b2abc95c
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat 4.12
Red Hat Enterprise Linux 8 Red Hat < 1aa161e43106d46ca8e9a86f4aa28d420258134b
Red Hat Enterprise Linux 8 Red Hat 6.0
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat < 6.0
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat <= 6.1.*
Red Hat Enterprise Linux 9 Red Hat <= 6.2.*
Red Hat Enterprise Linux 9 Red Hat <= 6.3.*
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat <= *
Red Hat Enterprise Linux 7 Red Hat < 4.10.0
RHODF-4.15-RHEL-9 Red Hat < 4.12
RHODF-4.15-RHEL-9 Red Hat < 6ed5784526ddc0fb58b1798af36ec0c3139a8dca
RHODF-4.15-RHEL-9 Red Hat < 13a0d1ae7ee6b438f5537711a8c60cba00554943
RHODF-4.15-RHEL-9 Red Hat <= 6.12.*
RHODF-4.15-RHEL-9 Red Hat <= 6.17.*
RHODF-4.15-RHEL-9 Red Hat 6.2
RHODF-4.15-RHEL-9 Red Hat < 6.2
RHODF-4.15-RHEL-9 Red Hat <= *
RHODF-4.15-RHEL-9 Red Hat < 1c9798bf8145a92abf45aa9d38a6406d9eb8bdf0
RHODF-4.15-RHEL-9 Red Hat <= 6.2.*
RHODF-4.15-RHEL-9 Red Hat < 912e9f0300c3564b72a8808db406e313193a37ad
RHODF-4.15-RHEL-9 Red Hat <= *
RHODF-4.15-RHEL-9 Red Hat < 789275f7c0544374d40bc8d9c81f96751a41df45
RHODF-4.15-RHEL-9 Red Hat < 1b0449544c6482179ac84530b61fc192a6527bfd
RHODF-4.15-RHEL-9 Red Hat 2.6.32
RHODF-4.15-RHEL-9 Red Hat < f830968d464f55e11bc9260a132fc77daa266aa3
RHODF-4.15-RHEL-9 Red Hat < 2.6.32
RHODF-4.15-RHEL-9 Red Hat < cea09922f5f75652d55b481ee34011fc7f19868b
RHODF-4.15-RHEL-9 Red Hat <= 6.12.*
RHODF-4.15-RHEL-9 Red Hat < 58889d5ad74cbc1c9595db74e13522b58b69b0ec
RHODF-4.15-RHEL-9 Red Hat < 461f8ac666fa232afee5ed6420099913ec4e4ba2
RHODF-4.15-RHEL-9 Red Hat <= 6.14.*
RHODF-4.15-RHEL-9 Red Hat <= *
RHODF-4.15-RHEL-9 Red Hat < 7723a5d5d187626c4c640842e522cf4e9e39492e
RHODF-4.15-RHEL-9 Red Hat < ed0acb1ee2e9322b96611635a9ca9303d15ac76c
RHODF-4.15-RHEL-9 Red Hat < 41320b18a0e0dfb236dba4edb9be12dba1878156
RHODF-4.15-RHEL-9 Red Hat 4.2
RHODF-4.15-RHEL-9 Red Hat < 4.2
RHODF-4.15-RHEL-9 Red Hat <= 4.14.*
RHODF-4.15-RHEL-9 Red Hat <= 4.19.*
RHODF-4.15-RHEL-9 Red Hat <= 5.4.*
RHODF-4.15-RHEL-9 Red Hat <= 5.10.*
RHODF-4.15-RHEL-9 Red Hat <= 5.15.*
RHODF-4.15-RHEL-9 Red Hat <= 6.1.*
RHODF-4.15-RHEL-9 Red Hat <= 6.4.*
RHODF-4.15-RHEL-9 Red Hat <= *
RHOL-5.8-RHEL-9 Red Hat <= 2025-12-31

References (48)

Credits (2)