FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GnuTLS -- timing side channel in RSA decryption

Affected packages
gnutls < 3.7.9

Details

VuXML ID 0a7a5dfb-aba4-11ed-be2c-001cc0382b2f
Discovery 2023-02-10
Entry 2023-02-13

The GnuTLS project reports:

A vulnerability was found in which the response times to malformed RSA ciphertexts in ClientKeyExchange differ from the response times for ciphertexts with correct PKCS#1 v1.5 padding. Only TLS ciphertext processing is affected.

References

CVE Name CVE-2023-0361
URL https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14