[Debian] Medium CVE: CVE-2023-5981 gnutls28: timing side-channel in the RSA-PSK authentication
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Wentao Zhang |
Bug Description
CVE-2023-5981: https:/
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
Base Score: Medium
Reference:
['libgnutls28-
CVE References
summary: |
- [Debian] Medium CVE: CVE-2023-5981 gnutls28 + [Debian] Medium CVE: CVE-2023-5981 gnutls28: timing side-channel in the + RSA-PSK authentication |
Fix proposed to branch: master /review. opendev. org/c/starlingx /tools/ +/912907
Review: https:/