Vulnerability CVE-2023-0361: Information

Description

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

Severity: HIGH (7.4) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-0361
Published: Feb. 15, 2023
Modified: Nov. 7, 2023
Error type identifier: CWE-203

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
gnutls30sisyphus3.7.9-alt13.8.4-alt1ALT-PU-2023-1280-1315353Fixed
gnutls30sisyphus_e2k3.7.9-alt13.8.4-alt1ALT-PU-2023-2612-1-Fixed
gnutls30sisyphus_riscv643.7.9-alt13.8.4-alt1ALT-PU-2023-2621-1-Fixed
gnutls30p103.6.16-alt33.6.16-alt6ALT-PU-2023-1327-1315358Fixed
gnutls30p10_e2k3.6.16-alt33.6.16-alt6ALT-PU-2023-2680-1-Fixed
gnutls30p93.6.16-alt33.6.16-alt6ALT-PU-2023-1366-1315359Fixed
gnutls30p9_e2k3.6.16-alt33.6.16-alt3ALT-PU-2023-5376-1-Fixed
gnutls30c10f13.6.16-alt33.6.16-alt6ALT-PU-2023-1327-1315358Fixed
gnutls30c9f23.6.16-alt33.6.16-alt5ALT-PU-2023-1356-1315633Fixed
gnutls30p113.7.9-alt13.8.4-alt1ALT-PU-2023-1280-1315353Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://gitlab.com/gnutls/gnutls/-/issues/1050
  • Exploit
  • Issue Tracking
  • Vendor Advisory
https://github.com/tlsfuzzer/tlsfuzzer/pull/679
  • Issue Tracking
  • Patch
https://access.redhat.com/security/cve/CVE-2023-0361
  • Third Party Advisory
[debian-lts-announce] 20230218 [SECURITY] [DLA 3321-1] gnutls28 security update
  • Mailing List
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20230324-0005/
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20230725-0005/
    FEDORA-2023-1c4a6a47ae
      FEDORA-2023-5b378b82b3
        FEDORA-2023-4fc4c33f2b

            1. Configuration 1

              cpe:2.3:a:gnu:gnutls:3.6.8-11.el8_2:*:*:*:*:*:*:*

              Configuration 2

              cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
              cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

              Configuration 3

              cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

              Configuration 4

              cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
              cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
              cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

              Configuration 5

              cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
              cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
              cpe:2.3:a:netapp:converged_systems_advisor_agent:-:*:*:*:*:*:*:*
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.5.3
          Back to top