CVE-2023-45287

ADVISORY - nist

Summary

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.

EPSS Score⁠: 0.00463 (0.610)

Common Weakness Enumeration (CWE)

ADVISORY - nist

GoLang

CREATED

1 year ago

UPDATED

10 months ago

ADVISORY IDGO-2023-2375⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
stdlib	golang	-	-	<1.20.0	1.20.0

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

1 year ago

UPDATED

4 months ago

ADVISORY IDCVE-2023-45287⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-203⁠

CVSS SCORE

7.5high

Debian

CREATED

1 year ago

UPDATED

17 days ago

ADVISORY IDCVE-2023-45287⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

1 year ago

UPDATED

17 days ago

ADVISORY IDCVE-2023-45287⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5medium

Alma

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDALSA-2024:0748⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY IDALSA-2024:2180⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY IDALSA-2024:2193⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY IDALSA-2024:2239⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY IDALSA-2024:2245⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY IDALSA-2024:2272⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Bitnami

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

BIT-golang-2023-45287

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

Red Hat

CREATED

1 year ago

UPDATED

11 days ago

ADVISORY IDCVE-2023-45287⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-208⁠

CVSS SCORE

7.5medium

Oracle

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDELSA-2024-0748⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY IDELSA-2024-2180⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY IDELSA-2024-2193⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY IDELSA-2024-2239⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY IDELSA-2024-2245⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY IDELSA-2024-2272⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

10 months ago

UPDATED

10 months ago

ADVISORY IDELSA-2024-2988⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-j6m5-gxrx-3c3p

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

CVE-2023-45287

Summary

Common Weakness Enumeration (CWE)

CWE-203⁠

CWE-208⁠

Advisories

GoLang

NIST

CVSS SCORE

Debian

Ubuntu

CVSS SCORE

Alma

CVSS SCORE

Alma

CVSS SCORE

Alma

CVSS SCORE

Alma

CVSS SCORE

Alma

CVSS SCORE

Alma

CVSS SCORE

Bitnami

CVSS SCORE

Red Hat

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Chainguard