A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
2023-11-28T12:15:07.040
2024-11-21T08:42:54.777
Modified
CVSSv3.1: 5.9 (MEDIUM)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | gnu | gnutls | 1.5.0 | Yes |
Operating System | redhat | linux | 8.0 | Yes |
Operating System | redhat | linux | 9.0 | Yes |
Operating System | fedoraproject | fedora | 37 | Yes |
Operating System | fedoraproject | fedora | 38 | Yes |