How severe is CVE-2023-0361?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2023-0361?

This is classified as CWE-203, which is a common weakness in software security.

CVE-2023-0361 - HIGH Severity | CVSS 7.4

Vulnerability Description

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

Related Vulnerabilities

CVE-2017-6168

HIGH

CVSS:7.4(High)

On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be...

CWE-2032017

CVE-2019-10764

HIGH

CVSS:7.4(High)

In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage...

CWE-2032019

CVE-2019-13666

HIGH

CVSS:7.4(High)

Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-2032019

CVE-2022-3143

HIGH

CVSS:7.4(High)

wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerab...

CWE-2032022

CVE-2023-51437

HIGH

CVSS:7.4(High)

Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended ...

CWE-2032023

CVE-2024-23342

HIGH

CVSS:7.4(High)

The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signatur...

CWE-2032024