CVE-2023-33855

LOW Year: 2023
CVSS v3 Score
3.7
Low
Weakness Type
CWE-385
View all →

Vulnerability Description

Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.

Related Vulnerabilities

CVE-2024-13176

MEDIUM
CVSS:4.1(Medium)

Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature comput...

CWE-3852024

CVE-2020-14341

LOW
CVSS:2.7(Low)

The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the us...

CWE-3852020

CVE-2018-10846

MEDIUM
CVSS:5.3(Medium)

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in ...

CWE-3852018

CVE-2024-45192

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: Th...

CWE-3852024

CVE-2016-7056

MEDIUM
CVSS:5.5(Medium)

A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

CWE-3852016

CVE-2020-29506

CRITICAL
CVSS:9.8(Critical)

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.

CWE-3852020