CVE-2023-50781 | THREATINT

Description

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Reserved 2023-12-13 | Published 2024-02-05 | Updated 2025-02-07 | Assigner redhat

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Observable Timing Discrepancy

Product status

Default status

affected

Default status

unknown

Default status

unknown

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

unaffected

Timeline

2023-12-13:	Reported to Red Hat.
2023-12-13:	Made public.

Credits

This issue was discovered by Hubert Kario (Red Hat).

References

access.redhat.com/security/cve/CVE-2023-50781 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2254426 (RHBZ#2254426) issue-tracking

cve.org (CVE-2023-50781)

nvd.nist.gov (CVE-2023-50781)

Download JSON