CVE-2023-50781 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-50781 PUBLISHED CVSS 7.5 HIGH

m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657

EPSS 0.40% · 60.4th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.40%

60.4th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux 9
PyPI	m2crypto	0
Red Hat	Red Hat Virtualization 4
Red Hat	Red Hat Update Infrastructure 4 for Cloud Providers

Red Hat	Red Hat Enterprise Linux 6
Red Hat	Red Hat Enterprise Linux 8
redhat	enterprise_linux	8.0, 9.0
Red Hat	Red Hat Enterprise Linux 7
redhat	update_infrastructure	4
m2crypto_project	m2crypto
Red Hat	Red Hat Enterprise Linux 9

Timeline

Feb 5, 2024 CVE Published
Feb 5, 2024 PoC Published
Feb 8, 2024 EPSS Score
Mar 6, 2024 EPSS Score
Apr 1, 2024 EPSS Score
Apr 28, 2024 EPSS Score
May 25, 2024 EPSS Score
Jun 21, 2024 EPSS Score
Jul 17, 2024 EPSS Score
Aug 13, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 6, 2024 EPSS Score

References

https://access.redhat.com/security/cve/CVE-2023-50781 vdb
RHBZ#2254426 issue
https://nvd.nist.gov/vuln/detail/CVE-2023-50781 advisory
https://gitlab.com/m2crypto/m2crypto package
https://gitlab.com/m2crypto/m2crypto/-/issues/342 url

Open in Interactive Console →