CVE-2023-32342

CWE-203 | 3 documents | 3 sources
Severity: 7.5 HIGH
EPSS: 0.1% (top 82.42%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 30
Latest update: May 31

Description

IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 255828.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: ibm/gskit
NVD: ibm/http_server 8.5.0.0 8.5.5.24 +1

🔴 Vulnerability Details (2)

GHSA: GHSA-5wv7-mwwf-5g8c: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation (2023-05-31)
CVEList: IBM GSKit information disclosure (2023-05-30)