Vulnerabilities > CVE-2023-50781 - Information Exposure Through Discrepancy vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

redhat

m2crypto-project

CWE-203

NVD

Published: 2024-02-05

Updated: 2024-02-26

Summary

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Vulnerable Configurations

Part	Description	Count
OS	Redhat Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0	2
Application	Redhat Redhat Update Infrastructure 4	1
Application	M2Crypto_Project M2Crypto Project M2Crypto -	1

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://access.redhat.com/security/cve/CVE-2023-50781
https://bugzilla.redhat.com/show_bug.cgi?id=2254426