Headline
CVE-2023-5981: cve-details
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
Red Hat Product Security Center
Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.
Product Security Center
Related news
Red Hat Security Advisory 2024-1082-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Security Advisory 2024-0796-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Security Advisory 2024-0627-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-0533-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9.
Red Hat Security Advisory 2024-0399-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Security Advisory 2024-0319-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Ubuntu Security Notice 6499-2 - USN-6499-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recover sensitive information.
Ubuntu Security Notice 6499-1 - It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recover sensitive information.