CVE-2023-5388

Updated: 2024-03-29 09:59:12.716473

Description:

NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0 |
| CVSS Version 3.x | MEDIUM | 6.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | nss | 3.79.0 | 6.5 | MEDIUM | Already Fixed | | 2024-03-27 14:10:08 |
| CentOS 6 ELS | nss | 3.44.0 | 6.5 | MEDIUM | Ignored | | 2024-01-10 13:08:42 |
| CentOS 7 ELS | nss | 3.79.0 | 6.5 | MEDIUM | Not Vulnerable | | 2024-04-02 11:10:50 |
| CentOS 8.4 ELS | nss | 3.67.0-6 | 6.5 | MEDIUM | Already Fixed | | 2024-05-21 10:16:44 |
| CentOS 8.5 ELS | nss | 3.67.0-7 | 6.5 | MEDIUM | Already Fixed | | 2024-05-21 10:16:45 |
| CloudLinux 6 ELS | nss | 3.44.0 | 6.5 | MEDIUM | Ignored | | 2024-01-10 13:08:42 |
| Oracle Linux 6 ELS | nss | 3.44.0 | 6.5 | MEDIUM | Ignored | | 2024-01-10 13:08:42 |
| Ubuntu 16.04 ELS | nss | 3.28.4-0 | 6.5 | MEDIUM | Ignored | | 2024-01-10 13:08:42 |
| Ubuntu 18.04 ELS | nss | 3.35-2 | 6.5 | MEDIUM | Ignored | | 2024-01-10 13:08:43 |

Statement

Not affected. https://access.redhat.com/security/cve/CVE-2023-5388 states that nss on Red Hat Enterprise Linux 7 is not affected. In addition, the code fixed by the patch (https://hg.mozilla.org/projects/nss/rev/196716d8377ab427e326f20bff2d026e90ac69e2) is not present in the nss sources on centos7els.