CVE-2023-50781

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

A

flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-50781	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254426	Issue Tracking
https://access.redhat.com/security/cve/CVE-2023-50781	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254426	Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 2 (hide)

cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:m2crypto_project:m2crypto:-:*:*:*:*:*:*:*

History

25 Feb 2026, 19:29

Type	Values Removed	Values Added
CWE	~~CWE-208~~	CWE-385

21 Nov 2024, 08:37

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/security/cve/CVE-2023-50781 - Third Party Advisory~~	() https://access.redhat.com/security/cve/CVE-2023-50781 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2254426 - Issue Tracking~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2254426 - Issue Tracking

Information

Published : 2024-02-05 21:15

Updated : 2026-02-25 19:29

NVD link : CVE-2023-50781

Mitre link : CVE-2023-50781

CVE.ORG link : CVE-2023-50781

JSON object : View

Products Affected

m2crypto_project

m2crypto

CWE

CWE-385

Covert Timing Channel

CWE-203

Observable Discrepancy

{"id": "CVE-2023-50781", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-02-05T21:15:10.970", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-50781", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254426", "tags": ["Issue Tracking"], "source": "[email protected]"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-50781", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254426", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-385"}]}, {"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en m2crypto. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposici\u00f3n de datos confidenciales o sensibles."}], "lastModified": "2026-02-25T19:29:14.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8D92E10-0E79-479F-A963-5657D1BC4E03"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:m2crypto_project:m2crypto:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81AFC02C-E179-48E4-934C-7EB9CB521F14"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}