CVE-2023-50781

Public on 2023-12-14
Modified on 2024-06-28
Description
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.9
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core m2crypto Pending Fix
Amazon Linux 1 python-m2crypto No Fix Planned

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N