CVE-2023-50781

M2crypto: bleichenbacher timing attacks in the rsa decryption api - incomplete fix for cve-2020-25657

Description

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Remediation

Workaround:

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Link	Tags
https://access.redhat.com/security/cve/CVE-2023-50781	vdb entry third party advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254426	issue tracking

Frequently Asked Questions

What is the severity of CVE-2023-50781?: CVE-2023-50781 has been scored as a high severity vulnerability.
How to fix CVE-2023-50781?: As a workaround for remediating CVE-2023-50781: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Is CVE-2023-50781 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-50781 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-50781?: CVE-2023-50781 affects Red Hat Red Hat Enterprise Linux 6, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Update Infrastructure 4 for Cloud Providers, Red Hat Red Hat Virtualization 4.

Description

Remediation

Categories

CWE-208 – Observable Timing Discrepancy

CWE-203 – Observable Discrepancy

References

Frequently Asked Questions