DEBIAN-CVE-2023-5981

DEBIAN-CVE-2023-5981 PUBLISHED CVSS 5.900000095367432 MEDIUM

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

Risk Scores

CVSS v3.1

5.900000095367432

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:11	gnutls28	*, 3.7.1-5+deb11u1, 3.7.1-5+deb11u2
Debian:12	gnutls28	3.7.9-2, 0, 3.7.9-2
Debian:14	gnutls28	0, 0, 0
Debian:13	gnutls28	0, 0, 0

Timeline

Nov 28, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-5981 advisory

Open in Interactive Console →