CVE-2023-50781 HIGH

CVE-2023-50781: M2crypto: bleichenbacher timing attacks in the rsa decryption api - incomplete fix for cve-2020-25657

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-203
Published February 5, 2024
Last update May 12, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Key dates

02Disclosure timeline

February 5, 2024 CVE published
May 12, 2026 Record updated