CVE-2023-0361 in Enterprise Operations Monitorinformation

Résumé (Anglaise)

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Réserver

18/01/2023

Divulgation

15/02/2023

Statut

Confirmé

Entrées

VulDB provides additional information and datapoints for this CVE:

IDVulnérabilitéCWEExpConCVE
242518Oracle Enterprise Operations Monitor SSL Module divulgation d'information203Non définiCorrectif officielCVE-2023-0361
234901Oracle MySQL Cluster NDB Operator divulgation d'information200Non définiCorrectif officielCVE-2023-0361
234587Oracle Communications Network Analytics Data Director Install/Upgrade divulgation d'information200Non définiCorrectif officielCVE-2023-0361
234571Oracle Communications Cloud Native Core Policy Install/Upgrade divulgation d'information200Non définiCorrectif officielCVE-2023-0361
234565Oracle Communications Cloud Native Core Console Configuration divulgation d'information200Non définiCorrectif officielCVE-2023-0361
234562Oracle Communications Cloud Native Core Binding Support Function Install/Upgrade divulgation d'information200Non définiCorrectif officielCVE-2023-0361
226400Oracle Communications Cloud Native Core Network Repository Function Installer divulgation d'information200Non définiCorrectif officielCVE-2023-0361
221116GnuTLS RSA divulgation d'information208Non définiCorrectif officielCVE-2023-0361

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

Sources

PrécédentAperçuSuivant

Want to stay up to date on a daily basis?

Enable the mail alert feature now!