#VU82583 Observable discrepancy in GSKit-Crypto - CVE-2023-33850

 


Published: October 31, 2023


Vulnerability identifier: #VU82583
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-33850
CWE-ID: CWE-203
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: GSKit-Crypto
Software vendor: IBM Corporation

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a timing-based side channel in the RSA decryption implementation. By sending an overly large number of trial messages for decryption, a remote attacker can gain unauthorized access to sensitive information on the system.
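Because the issue described above depends on a large volume of trial decryptions, a defender can watch for sources that generate unusually many RSA decryption failures in a short window. The following is an added example, not code from IBM or from this advisory; the log format, the event name rsa_decrypt_fail, and the threshold and window values are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input. The "<ISO time> <source> <event>" layout and the
# event names are assumptions for this example, not a GSKit log format.
SAMPLE_LOG = """\
2023-10-31T10:00:00 192.0.2.10 rsa_decrypt_fail
2023-10-31T10:00:01 198.51.100.7 rsa_decrypt_fail
2023-10-31T10:00:02 198.51.100.7 rsa_decrypt_fail
2023-10-31T10:00:03 198.51.100.7 handshake_ok
2023-10-31T10:00:03 198.51.100.7 rsa_decrypt_fail
2023-10-31T10:00:04 198.51.100.7 rsa_decrypt_fail
malformed line
2023-10-31T10:00:05 198.51.100.7 rsa_decrypt_fail
2023-10-31T10:05:00 192.0.2.10 rsa_decrypt_fail
"""

def parse_line(line):
    """Return (timestamp, source, event), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2]
    except ValueError:
        return None

def flag_sources(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each source to the time it first reached `threshold` RSA
    decryption failures inside a sliding `window`."""
    recent = defaultdict(deque)   # source -> failure timestamps still in window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[2] != "rsa_decrypt_fail":
            continue
        ts, src, _ = parsed
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged[src] = ts
    return flagged

if __name__ == "__main__":
    for src, when in flag_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{src} reached the failure threshold at {when.isoformat()}")
```

The threshold and window are illustrative and should be tuned against the normal failure rate of the service being monitored.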


Remediation

Install updates from the vendor's website.

External links