CVE-2023-5981

GnuTLS: timing side-channel in the RSA-PSK authentication

Published: 11/28/2023 Last updated: 11/23/2024 Reserved: 11/7/2023

A vulnerability was found in which the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 5.9 | Medium | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |

Opam packages affected (5)

conf-gnutls conf-mingw-w64-gnutls-i686 conf-mingw-w64-gnutls-x86_64 conf-srt conf-srt-gnutls

Products affected (47)

| Product | Vendor | Version |
|---|---|---|
| Red Hat Enterprise Linux 6 | Red Hat | < 2024.3 |
| Red Hat Enterprise Linux 8 | Red Hat | 22.0 ap366624 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | Red Hat | unspecified |
| Red Hat Enterprise Linux 9 | Red Hat | 22.0 ap363408 |
| Red Hat Enterprise Linux 9 | Red Hat | Snapdragon Auto 4G Modem |
| Red Hat Enterprise Linux 8 | Red Hat | unspecified |
| Red Hat Enterprise Linux 7 | Red Hat | 22.0 ap365905 |
| RHODF-4.15-RHEL-9 | Red Hat | Vision Intelligence 300 Platform |
| RHODF-4.15-RHEL-9 | Red Hat | 22.0 ap363846 |
| RHODF-4.15-RHEL-9 | Red Hat | 22.0 ap365970 |
| RHODF-4.15-RHEL-9 | Red Hat | 22.0 ap363770 |
| RHODF-4.15-RHEL-9 | Red Hat | 22.0 ap366784 |
| RHODF-4.15-RHEL-9 | Red Hat | Java SE:11.0.10 |
| RHODF-4.15-RHEL-9 | Red Hat | Java SE Embedded:8u281 |
| RHODF-4.15-RHEL-9 | Red Hat | Oracle GraalVM Enterprise Edition:19.3.5 |
| RHODF-4.15-RHEL-9 | Red Hat | 22.0 ap366180 |
| RHODF-4.15-RHEL-9 | Red Hat | Oracle GraalVM Enterprise Edition:20.3.1.2 |
| RHODF-4.15-RHEL-9 | Red Hat | 22.0 ap366649 |
| RHODF-4.15-RHEL-9 | Red Hat | 22.0 ap364500 |
| RHODF-4.15-RHEL-9 | Red Hat | n/a |
| RHODF-4.15-RHEL-9 | Red Hat | WSA8810 |
| RHODF-4.15-RHEL-9 | Red Hat | n/a |
| RHODF-4.15-RHEL-9 | Red Hat | n/a |
| RHODF-4.15-RHEL-9 | Red Hat | WSA8835 |
| RHODF-4.15-RHEL-9 | Red Hat | PE < 2016.4.0 |
| RHODF-4.15-RHEL-9 | Red Hat | < 9340385468d056bb700b8f28df236b81fc86a079 |
| RHODF-4.15-RHEL-9 | Red Hat | 5.7.21 and prior |
| RHODF-4.15-RHEL-9 | Red Hat | < 7673030efe0f8ca1056d3849d61784c6caa052af |
| RHODF-4.15-RHEL-9 | Red Hat | < 1611b1ea7cf8d07dff091a45389b10401bb6d5b3 |
| RHODF-4.15-RHEL-9 | Red Hat | < 20e06a5137a1174214bae3a29ce623e69455ee0f |
| RHODF-4.15-RHEL-9 | Red Hat | < fc595472fbad96533ccbb7b9ebb82b743ec26829 |
| RHOL-5.8-RHEL-9 | Red Hat | 22.0 ap366747 |
| RHOL-5.8-RHEL-9 | Red Hat | 5.14 |
| RHOL-5.8-RHEL-9 | Red Hat | <= 6.1.* |
| RHOL-5.8-RHEL-9 | Red Hat | 22.0 ap364651 |
| RHOL-5.8-RHEL-9 | Red Hat | <= 6.6.* |
| RHOL-5.8-RHEL-9 | Red Hat | <= 6.12.* |
| RHOL-5.8-RHEL-9 | Red Hat | <= * |
| RHOL-5.8-RHEL-9 | Red Hat | 8.2.2 |
| RHOL-5.8-RHEL-9 | Red Hat | 22.0 ap365390 |
| RHOL-5.8-RHEL-9 | Red Hat | 22.0 ap364805 |
| RHOL-5.8-RHEL-9 | Red Hat | 22.0 ap365171 |
| RHOL-5.8-RHEL-9 | Red Hat | QCA6391 |
| RHOL-5.8-RHEL-9 | Red Hat | QCA6426 |
| RHOL-5.8-RHEL-9 | Red Hat | n/a |
| RHOL-5.8-RHEL-9 | Red Hat | n/a |
| RHOL-5.8-RHEL-9 | Red Hat | < 2025.3 |

References (23)

Credits (1)