Donate Telegram

CVE-2023-5981

MEDIUM CVSS 3.1: 5.9

Nov 28, 2023

Updated Mar 25, 2026

Debian

Parameter	Value
CVSS	5.9 (MEDIUM)
Affected Versions	before 3.8.2
Fixed In	3.8.2
Type	CWE-203, CWE-208
Vendor	Debian
Public PoC	No

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

High

Difficult to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 6

Configuration	From (including)	Up to (excluding)
Debian Debian_Linux cpe:2.3:o:debian:debian_linux:10.0:::::::*	—	—
Gnu Gnutls cpe:2.3:a:gnu:gnutls::::::::	—	`3.8.2`
Redhat Linux cpe:2.3:o:redhat:linux:8.0:::::::*	—	—
Redhat Linux cpe:2.3:o:redhat:linux:9.0:::::::*	—	—
Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:37:::::::*	—	—
Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:38:::::::*	—	—

References 14

https://access.redhat.com/errata/RHSA-2024:0155

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0319

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0399

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0451

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0533

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1383

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2094

secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2023-5981

secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2248445

secalert@redhat.com

https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23

secalert@redhat.com

http://www.openwall.com/lists/oss-security/2024/01/19/3

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2023/11/msg00016.html

af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…

af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…

af854a3a-2127-422b-91ae-364da2661108

Share Post Share Share Share

Related Vulnerabilities

CVE-2025-64512

Debian

CVE-2025-10934

Debian

CVE-2025-10922

Debian

CVE-2025-10921

Debian

CVE-2025-39737

Linux

CVE Details

CVE ID

CVE-2023-5981

Published Date

Nov 28, 2023

Vendor

Debian

Severity

MEDIUM

CVSS v3.1 Score

5.9

Medium severity. Plan remediation.

Attack Analysis

Exploitability 2.2/10

How easy to exploit

Impact 3.6/10

Severity of consequences

Impact

Full data disclosure

Source

Editor's Choice