CVE-2023-6258 — HIGH (8.1) — White Hats Nepal

Vulnerability Description

A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in a Bleichenbacher-like security flaw, potentially enabling a side-channel attack on PKCS#1 1.5 decryption.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Latchset	Pkcs11-Provider	0.1

Related Weaknesses (CWE)

CWE-1300 CWE-203

References

https://bugzilla.redhat.com/show_bug.cgi?id=2251062Issue TrackingThird Party Advisory
https://github.com/latchset/pkcs11-provider/pull/308Issue TrackingPatch
https://bugzilla.redhat.com/show_bug.cgi?id=2251062Issue TrackingThird Party Advisory
https://github.com/latchset/pkcs11-provider/pull/308Issue TrackingPatch

FAQ

What is CVE-2023-6258?

CVE-2023-6258 is a vulnerability with a CVSS score of 8.1 (HIGH). A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in...

How severe is CVE-2023-6258?

CVE-2023-6258 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-6258?

Check the references section above for vendor advisories and patch information. Affected products include: Latchset Pkcs11-Provider.