A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote malicious user to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu gnutls |
||
fedoraproject fedora 39 |
||
redhat enterprise linux 8.0 |
||
redhat enterprise linux 9.0 |