CVE-2023-50781: M2crypto: bleichenbacher timing attacks in the rsa decryption api - incomplete fix for cve-2020-25657

First published: Wed Dec 13 2023(Updated: )

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Credit: secalert@redhat.com secalert@redhat.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/weakness
• agent/title
• agent/type
• agent/description
• agent/first-publish-date
• collector/github-advisory-latest
• source/GitHub
• alias/GHSA-944j-8ch6-rf6x
• alias/CVE-2023-50781
• agent/software-canonical-lookup
• agent/references
• agent/softwarecombine
• agent/severity
• agent/event
• agent/author
• collector/redhat-bugzilla
• source/Red Hat
• collector/nvd-cve
• source/NVD
• collector/github-advisory
• agent/tags
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• collector/nvd-api
• package-manager/pip
• vendor/redhat
• canonical/redhat enterprise linux
• version/redhat enterprise linux/8.0
• version/redhat enterprise linux/9.0
• canonical/redhat update infrastructure
• version/redhat update infrastructure/4
• vendor/m2crypto project
• canonical/m2crypto project m2crypto