Date: Mon, 20 Nov 2023 11:48:11 -0800
From: Alan Coopersmith <>
Subject: GNUTLS-SA-2023-10-23, CVE-2023-5981: timing sidechannel in RSA-PSK
 key exchange reports:

A vulnerability was found that the response times to malformed ciphertexts in
RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct
PKCS#1 v1.5 padding. Only TLS ciphertext processing is affected. The issue was
reported in the issue tracker as
announced the release of version 3.8.2 with a fix for this vulnerability.

         -Alan Coopersmith-       
          Oracle Solaris Engineering -
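
Added example, not part of the original message and not GnuTLS code: a C sketch of the vulnerability class described above, with an early-exit PKCS#1 v1.5 padding check beside a branch-free check that silently selects a fallback secret (the general countermeasure from RFC 5246 section 7.4.7.1). The function names, the 64-byte sample block and the fixed fallback bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#define PMS_LEN 48 /* premaster secret length in RSA-based TLS key exchange */

/* Early-exit check: running time depends on which byte fails (the leak class). */
int leaky_unpad(const uint8_t *em, size_t em_len, uint8_t out[PMS_LEN])
{
    size_t sep = em_len - PMS_LEN - 1;
    if (em[0] != 0x00 || em[1] != 0x02) return -1;
    for (size_t i = 2; i < sep; i++)
        if (em[i] == 0x00) return -1;
    if (em[sep] != 0x00) return -1;
    memcpy(out, em + sep + 1, PMS_LEN);
    return 0;
}

/* 0xFF if x == 0, else 0x00, computed without a data-dependent branch. */
static uint8_t ct_is_zero(uint32_t x)
{
    return (uint8_t)(0u - (((x | (0u - x)) >> 31) ^ 1u));
}

/* Branch-free: out gets M if em is 00 02 PS 00 M with |M| = PMS_LEN, else fallback.
 * em_len (modulus size) is public and must be >= PMS_LEN + 11. The mask is returned
 * only so it can be inspected here; a server must not branch on it. */
uint8_t ct_unpad_or_fallback(const uint8_t *em, size_t em_len,
                             const uint8_t fallback[PMS_LEN], uint8_t out[PMS_LEN])
{
    size_t sep = em_len - PMS_LEN - 1;
    uint8_t good = ct_is_zero(em[0]);
    good &= ct_is_zero(em[1] ^ 0x02u);
    for (size_t i = 2; i < sep; i++)
        good &= (uint8_t)~ct_is_zero(em[i]);   /* every PS byte must be nonzero */
    good &= ct_is_zero(em[sep]);
    for (size_t i = 0; i < PMS_LEN; i++)
        out[i] = (uint8_t)((em[sep + 1 + i] & good) | (fallback[i] & ~good));
    return good;
}

/* Constructed 64-byte sample: 00 02 | 13 x AA | 00 | 48 x 11, optionally corrupted.
 * Returns 1 if out is the embedded secret, 0 if it is the fallback, -1 otherwise. */
int demo(int break_at, uint8_t value)
{
    uint8_t em[64], fb[PMS_LEN], out[PMS_LEN];
    memset(em, 0xAA, 16); em[0] = 0x00; em[1] = 0x02; em[15] = 0x00;
    memset(em + 16, 0x11, PMS_LEN); memset(fb, 0x5C, PMS_LEN); /* fb: stand-in for random bytes */
    if (break_at >= 0) em[break_at] = value;
    ct_unpad_or_fallback(em, sizeof em, fb, out);
    return memcmp(out, em + 16, PMS_LEN) == 0 ? 1 : (memcmp(out, fb, PMS_LEN) == 0 ? 0 : -1);
}
```

The silent fallback only helps if the RSA decryption itself and the later handshake failure are equally independent of the padding result.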
