CVE-2023-0361
Published: 15 February 2023
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
Notes
| Author | Note |
|---|---|
| mdeslaur | bionic already contains a sidechannel in RSA decryption because CVE-2018-16868 is not fixed due to it being too intrusive. We will ignore this CVE for bionic and earlier also. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
gnutls28 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(change too intrusive)
|
| focal |
Released
(3.6.13-2ubuntu1.8)
|
|
| jammy |
Released
(3.7.3-4ubuntu1.2)
|
|
| kinetic |
Released
(3.7.7-2ubuntu2.1)
|
|
| trusty |
Ignored
(out of standard support)
|
|
| upstream |
Released
(3.7.8-5,3.8.0)
|
|
| xenial |
Ignored
(change too intrusive)
|
|
|
Patches: upstream: https://gitlab.com/gnutls/gnutls/-/commit/80a6ce8ddb02477cd724cd5b2944791aaddb702a upstream: https://gitlab.com/gnutls/gnutls/-/commit/4b7ff428291c7ed77c6d2635577c83a43bbae558 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |