CVE-2023-50781

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-50781	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254426	Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 2 (hide)

cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:m2crypto_project:m2crypto:-:*:*:*:*:*:*:*

History

15 Feb 2024, 18:51

Type	Values Removed	Values Added
First Time		M2crypto Project m2crypto Redhat Redhat update Infrastructure Redhat enterprise Linux M2crypto Project
CVSS	v2 : ~~unknown~~ v3 : ~~5.9~~	v2 : unknown v3 : 7.5
CWE		CWE-203
CPE		cpe:2.3:a:redhat:update_infrastructure:4:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:a:m2crypto_project:m2crypto:-:::::::*
References	~~() https://access.redhat.com/security/cve/CVE-2023-50781 -~~	() https://access.redhat.com/security/cve/CVE-2023-50781 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2254426 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2254426 - Issue Tracking
Summary		(es) Se encontró una falla en m2crypto. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposición de datos confidenciales o sensibles.

05 Feb 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-05 21:15

Updated : 2024-02-26 16:27

NVD link : CVE-2023-50781

Mitre link : CVE-2023-50781

CVE.ORG link : CVE-2023-50781

JSON object : View

Products Affected

m2crypto_project

m2crypto

redhat

enterprise_linux
update_infrastructure

CWE

CWE-203

Observable Discrepancy

CWE-208

Observable Timing Discrepancy

{"id": "CVE-2023-50781", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-02-05T21:15:10.970", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-50781", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254426", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-208"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en m2crypto. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposici\u00f3n de datos confidenciales o sensibles."}], "lastModified": "2024-02-26T16:27:47.760", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8D92E10-0E79-479F-A963-5657D1BC4E03"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:m2crypto_project:m2crypto:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81AFC02C-E179-48E4-934C-7EB9CB521F14"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}