[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 20 Nov 2023 11:48:11 -0800
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: GNUTLS-SA-2023-10-23, CVE-2023-5981: timing sidechannel in RSA-PSK
key exchange
https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 reports:
A vulnerability was found that the response times to malformed ciphertexts in
RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct
PKCS#1 v1.5 padding. Only TLS ciphertext processing is affected. The issue was
reported in the issue tracker as https://gitlab.com/gnutls/gnutls/-/issues/1511
https://lists.gnupg.org/pipermail/gnutls-help/2023-November/004837.html
announced the release of version 3.8.2 with a fix for this vulnerability.
--
-Alan Coopersmith- alan.coopersmith@...cle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
