Published: 05/12/2023 Updated: 12/01/2024

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.

Vulnerable Product	Search on Vulmon	Subscribe to Product
golang go

Synopsis Important: container-tools:40 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the container-tools:40 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security ...

CWE-203 https://go.dev/issue/20654 https://go.dev/cl/326012/26 https://groups.google.com/g/golang-announce/c/QMK8IQALDvA https://people.redhat.com/~hkario/marvin/https://pkg.go.dev/vuln/GO-2023-2375 https://security.netapp.com/advisory/ntap-20240112-0005/https://access.redhat.com/errata/RHSA-2024:0748 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-45287

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect