CVE-2023-0361
CVE Details
Visit the official vulnerability details page for CVE-2023-0361 to learn more.
Initial Publication
04/03/2025
Last Update
09/02/2025
Third Party Dependency
gnutls
NIST CVE Summary
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
CVE Severity
Our Official Summary
The vulnerability allows attackers to exploit timing discrepancies during RSA decryption operations. By sending a large number of specially crafted messages to a vulnerable server, an attacker could recover the secret key from the ClientKeyExchange message, leading to the decryption of the entire session's data.
This vulnerability is reported on 3rd party harbor images. Once the upstream fix is available images will be upgraded.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.7.16 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.6.41 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
| Date | Revision |
|---|---|
| 05/20/2025 | Status changed from Open to Ongoing |