CVE-2023-5981

2023-11-2812:15:07

Google

osv.dev

cve-2023-5981

malformed ciphertexts

rsa-psk

pkcs#1 v1.5 padding

software

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

JSON

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

CPENameOperatorVersion
gnutlseq3.4.10-r0
gnutlseq3.4.7-r0
gnutlseq3.6.5-r0
gnutlseqgnutls_1_1_13
gnutlseq3.6.8-r0
gnutlseqgnutls_1_3_1
gnutlseqgnutls_0_9_91
gnutlseqgnutls_0_2_11
gnutlseqgnutls_1_1_16
gnutlseq3.5.12-r0

Name	Operator	Version
gnutls	eq	3.4.10-r0
gnutls	eq	3.4.7-r0
gnutls	eq	3.6.5-r0
gnutls	eq	gnutls_1_1_13
gnutls	eq	3.6.8-r0
gnutls	eq	gnutls_1_3_1
gnutls	eq	gnutls_0_9_91
gnutls	eq	gnutls_0_2_11
gnutls	eq	gnutls_1_1_16
gnutls	eq	3.5.12-r0