CVE-2023-45287

ADVISORY - nist

Summary

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.

EPSS Score⁠: 0.00081 (0.364)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

1 year ago

UPDATED

11 months ago

ADVISORY IDCVE-2023-45287⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-203⁠

CVSS SCORE

7.5high

Debian

CREATED

1 year ago

UPDATED

5 months ago

ADVISORY IDCVE-2023-45287⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

1 year ago

UPDATED

5 months ago

ADVISORY IDCVE-2023-45287⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5medium

GoLang

CREATED

1 year ago

UPDATED

6 months ago

ADVISORY IDGO-2023-2375⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Alma

CREATED

10 months ago

UPDATED

10 months ago

ADVISORY IDALSA-2024:0748⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDALSA-2024:2239⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDALSA-2024:2245⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDALSA-2024:2193⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDALSA-2024:2272⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDALSA-2024:2180⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Bitnami

CREATED

9 months ago

UPDATED

9 months ago

ADVISORY ID

BIT-golang-2023-45287

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDCVE-2023-45287⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-208⁠

CVSS SCORE

5.3medium

Oracle

CREATED

10 months ago

UPDATED

10 months ago

ADVISORY IDELSA-2024-0748⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDELSA-2024-2239⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDELSA-2024-2180⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDELSA-2024-2245⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDELSA-2024-2272⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDELSA-2024-2193⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

6 months ago

UPDATED

6 months ago

ADVISORY IDELSA-2024-2988⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Chainguard

CREATED

9 months ago

UPDATED

9 months ago

ADVISORY ID

CGA-j6m5-gxrx-3c3p

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

CVE-2023-45287

Summary

Common Weakness Enumeration (CWE)

CWE-203⁠

CWE-208⁠

Advisories

NIST

CVSS SCORE

Debian

Ubuntu

CVSS SCORE

GoLang

Alma

CVSS SCORE

Alma

CVSS SCORE

Alma

CVSS SCORE

Alma

CVSS SCORE

Alma

CVSS SCORE

Alma

CVSS SCORE

Bitnami

CVSS SCORE

Red Hat

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Oracle

CVSS SCORE

Chainguard