[gnutls-devel] web-pages | add notes from 3.8.0 release (!6)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Feb 10 12:40:20 CET 2023




Hubert Kario (@mention me if you need reply) started a new discussion on security-entries/GNUTLS-SA-2020-07-14: https://gitlab.com/gnutls/web-pages/-/merge_requests/6#note_1274124459

> +    <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0361">CVE-2023-0361</a></td>
> +    <td>Severity Medium; timing sidechannel in RSA decryption</td>
> +    <td>A vulnerability was found using the <a href="https://github.com/tomato42/tlsfuzzer">TLS fuzzer</a> tools that the response times to malformed RSA ciphertexts in ClientKeyExchange depend on the size of encrypted data in the PKCS#1 v1.5 encrypted data. The issue was reported in the issue tracker as <a href="https://gitlab.com/gnutls/gnutls/-/issues/1050">#1050</a>.<br/>
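
Review bot: in the third `<td>`, "depend on the size of encrypted data in the PKCS#1 v1.5 encrypted data" uses "encrypted data" twice and leaves unclear which property of the ciphertext the response time varies with; reword it so the sentence names the single condition that changes the timing. Separately, the CVE link in the first `<td>` is `http://cve.mitre.org/...` while the tlsfuzzer and issue-tracker links in the same hunk use https; use https there too.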

`...tools that the response times to malformed RSA ciphertexts in ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.`
