FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GnuTLS -- timing sidechannel in RSA decryption

Affected packages
gnutls < 3.7.9


VuXML ID 0a7a5dfb-aba4-11ed-be2c-001cc0382b2f
Discovery 2023-02-10
Entry 2023-02-13

The GnuTLS project reports:

A vulnerability was found that the response times to malformed RSA ciphertexts in ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Only TLS ciphertext processing is affected.


CVE Name CVE-2023-0361