CVE-2023-50781

HIGH 7.5

M2crypto: bleichenbacher timing attacks in the rsa decryption api - incomplete fix for cve-2020-25657

CVSS Score

7.5

EPSS Score

0.5%

EPSS Percentile

67th

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

CWE	CWE-203
Published	Feb 5, 2024
Last Updated	Mar 24, 2026

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new high vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

Red Hat / Red Hat Enterprise Linux 6

All versions affected

Red Hat / Red Hat Enterprise Linux 7

All versions affected

Red Hat / Red Hat Enterprise Linux 8

All versions affected

Red Hat / Red Hat Enterprise Linux 9

All versions affected

Red Hat / Red Hat Enterprise Linux 9

All versions affected

Red Hat / Red Hat Update Infrastructure 4 for Cloud Providers

All versions affected

Red Hat / Red Hat Virtualization 4

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-50781 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2254426

Credits

This issue was discovered by Hubert Kario (Red Hat).