CVE-2023-50781

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-50781	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254426	Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 2 (hide)

cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:m2crypto_project:m2crypto:-:*:*:*:*:*:*:*

History

15 Feb 2024, 18:51

Type	Values Removed	Values Added
First Time		Redhat Redhat enterprise Linux M2crypto Project m2crypto Redhat update Infrastructure M2crypto Project
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE	~~CWE-208~~	CWE-203
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2254426 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2254426 - Issue Tracking
References	~~() https://access.redhat.com/security/cve/CVE-2023-50781 -~~	() https://access.redhat.com/security/cve/CVE-2023-50781 - Third Party Advisory
CPE		cpe:2.3:a:m2crypto_project:m2crypto:-:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:a:redhat:update_infrastructure:4:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

05 Feb 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-05 21:15

Updated : 2024-02-28 20:54

NVD link : CVE-2023-50781

Mitre link : CVE-2023-50781

CVE.ORG link : CVE-2023-50781

JSON object : View

Products Affected

redhat

enterprise_linux
update_infrastructure

m2crypto_project

m2crypto

CWE

CWE-203

Observable Discrepancy

CWE-208

Observable Timing Discrepancy

{"id": "CVE-2023-50781", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-02-05T21:15:10.970", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-50781", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254426", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-208"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en m2crypto. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposici\u00f3n de datos confidenciales o sensibles."}], "lastModified": "2024-02-26T16:27:47.760", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8D92E10-0E79-479F-A963-5657D1BC4E03"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:m2crypto_project:m2crypto:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81AFC02C-E179-48E4-934C-7EB9CB521F14"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}