CVE-2023-6258 - OpenCVE

A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in a Bleichenbacher-like security flaw, potentially enabling a side-channel attack on PKCS#1 1.5 decryption.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Latchset	Pkcs11-provider

Configuration 1 [-]

cpe:2.3:a:latchset:pkcs11-provider:0.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=2251062
https://github.com/latchset/pkcs11-provider/pull/308

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-01-30T16:55:18.733Z

Updated: 2024-08-02T08:28:20.354Z

Reserved: 2023-11-22T16:30:53.153Z

Link: CVE-2023-6258

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-30T17:15:10.657

Modified: 2024-02-08T17:29:26.097

Link: CVE-2023-6258

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6258", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-11-22T16:30:53.153Z", "datePublished": "2024-01-30T16:55:18.733Z", "dateUpdated": "2024-08-02T08:28:20.354Z"}, "containers": {"cna": {"title": "Pkcs11-provider: side-channel proofing pkcs#1 1.5 paths", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in a Bleichenbacher-like security flaw, potentially enabling a side-channel attack on PKCS#1 1.5 decryption."}], "affected": [{"product": "pkcs11-provider", "vendor": "n/a", "versions": [{"version": "0.2", "status": "unaffected"}]}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "pkcs11-provider", "defaultStatus": "affected"}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251062", "name": "RHBZ#2251062", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/latchset/pkcs11-provider/pull/308"}], "datePublic": "2023-11-22T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-1300", "description": "Improper Protection of Physical Side Channels", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-1300: Improper Protection of Physical Side Channels", "timeline": [{"lang": "en", "time": "2023-11-22T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-11-22T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-02-08T18:05:32.581Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:28:20.354Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251062", "name": "RHBZ#2251062", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/latchset/pkcs11-provider/pull/308", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:latchset:pkcs11-provider:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C8F4E0EA-859D-43AD-84F2-EEBC0A2BAECF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in a Bleichenbacher-like security flaw, potentially enabling a side-channel attack on PKCS#1 1.5 decryption."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de seguridad en el proveedor pkcs11, que est\u00e1 asociado con los est\u00e1ndares de criptograf\u00eda de clave p\u00fablica (PKCS#11). Si se explota con \u00e9xito, esta vulnerabilidad podr\u00eda provocar un fallo de seguridad similar al de Bleichenbacher, lo que podr\u00eda permitir un ataque de canal lateral al descifrado PKCS#1 1.5."}], "id": "CVE-2023-6258", "lastModified": "2024-02-08T17:29:26.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-01-30T17:15:10.657", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251062"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/latchset/pkcs11-provider/pull/308"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1300"}], "source": "secalert@redhat.com", "type": "Secondary"}]}