A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00492.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Fedoraproject
  • Fedora
Gnu
  • Gnutls
Redhat
  • Enterprise Linux
  • Linux
  • Logging
  • Openshift Data Foundation
  • Rhel Eus

Configuration 1 [-]

cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
gnutls-0:3.6.16-8.el8_9 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:0155 2024-01-10T00:00:00Z
gnutls-0:3.6.16-8.el8_9 cpe:/o:redhat:enterprise_linux:8 RHSA-2024:0155 2024-01-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
gnutls-0:3.6.16-5.el8_6.2 cpe:/a:redhat:rhel_eus:8.6 RHSA-2024:0319 2024-01-22T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
gnutls-0:3.6.16-7.el8_8.1 cpe:/a:redhat:rhel_eus:8.8 RHSA-2024:0399 2024-01-24T00:00:00Z
Red Hat Enterprise Linux 9
gnutls-0:3.7.6-23.el9_3.3 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:0533 2024-01-29T00:00:00Z
gnutls-0:3.7.6-23.el9_3.3 cpe:/o:redhat:enterprise_linux:9 RHSA-2024:0533 2024-01-29T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
gnutls-0:3.7.6-21.el9_2.1 cpe:/a:redhat:rhel_eus:9.2 RHSA-2024:0451 2024-01-25T00:00:00Z
RHODF-4.15-RHEL-9
odf4/cephcsi-rhel9:v4.15.0-37 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/mcg-core-rhel9:v4.15.0-68 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/mcg-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/mcg-rhel9-operator:v4.15.0-39 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-client-console-rhel9:v4.15.0-58 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-client-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-client-rhel9-operator:v4.15.0-13 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-metrics-exporter-rhel9:v4.15.0-81 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-rhel9-operator:v4.15.0-79 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-cli-rhel9:v4.15.0-22 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-console-rhel9:v4.15.0-57 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-cosi-sidecar-rhel9:v4.15.0-6 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-csi-addons-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-csi-addons-rhel9-operator:v4.15.0-15 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-csi-addons-sidecar-rhel9:v4.15.0-15 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.15.0-54 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-multicluster-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-multicluster-rhel9-operator:v4.15.0-10 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-must-gather-rhel9:v4.15.0-26 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-rhel9-operator:v4.15.0-19 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odr-cluster-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odr-hub-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odr-rhel9-operator:v4.15.0-21 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/rook-ceph-rhel9-operator:v4.15.0-103 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
RHOL-5.8-RHEL-9
openshift-logging/cluster-logging-operator-bundle:v5.8.6-22 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/cluster-logging-rhel9-operator:v5.8.6-11 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/elasticsearch6-rhel9:v6.8.1-407 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-operator-bundle:v5.8.6-19 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-proxy-rhel9:v1.0.0-479 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-rhel9-operator:v5.8.6-7 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/eventrouter-rhel9:v0.4.0-247 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/fluentd-rhel9:v5.8.6-5 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-227 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/logging-curator5-rhel9:v5.8.1-470 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/logging-loki-rhel9:v2.9.6-14 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/logging-view-plugin-rhel9:v5.8.6-2 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/loki-operator-bundle:v5.8.6-24 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/loki-rhel9-operator:v5.8.6-10 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/lokistack-gateway-rhel9:v0.1.0-525 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/opa-openshift-rhel9:v0.1.0-224 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/vector-rhel9:v0.28.1-56 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z

No data.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-3660-1 gnutls28 security update
Debian DLA Debian DLA DLA-3740-1 gnutls28 security update
EUVD EUVD EUVD-2023-58248 A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
Ubuntu USN Ubuntu USN USN-6499-1 GnuTLS vulnerability
Ubuntu USN Ubuntu USN USN-6499-2 GnuTLS vulnerability
Fixes

Solution

No solution given by the vendor.

Workaround

To address the issue found upgrade to GnuTLS 3.8.2 or later versions.

References
Link Providers
http://www.openwall.com/lists/oss-security/2024/01/19/3 cve-icon
https://access.redhat.com/errata/RHSA-2024:0155 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0319 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0399 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0451 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0533 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1383 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2094 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2023-5981 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2248445 cve-icon cve-icon
https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2023/11/msg00016.html cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/ cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-5981 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-5981 cve-icon
History

Tue, 04 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00561}

 epss

{'score': 0.00577}

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Mon, 16 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
References
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-11-06T21:44:57.204Z

Reserved: 2023-11-07T08:05:10.875Z

Link: CVE-2023-5981

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-11-28T12:15:07.040

Modified: 2025-11-04T20:17:14.220

Link: CVE-2023-5981

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-11-15T00:00:00Z

Links: CVE-2023-5981 - Bugzilla

cve-icon OpenCVE Enrichment

No data.