CVE-2023-33850

high

Description

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.

References

https://www.ibm.com/support/pages/node/7022414

https://www.ibm.com/support/pages/node/7022413

https://www.ibm.com/support/pages/node/7010369

Details

Source: Mitre, NVD

Published: 2023-08-22

Updated: 2024-09-27

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High