Vulnerability Details CVE-2023-33982
Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.7%
CVSS Severity
CVSS v3 Score 5.9
References
- https://briarproject.org/news/2023-three-security-issues-found-and-fixed/
- https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_YuanmingSong.pdf
- https://briarproject.org/news/2023-three-security-issues-found-and-fixed/
- https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_YuanmingSong.pdf
Products affected by CVE-2023-33982
-
cpe:2.3:a:briarproject:briar:1.0.0
-
cpe:2.3:a:briarproject:briar:1.0.1
-
cpe:2.3:a:briarproject:briar:1.0.10
-
cpe:2.3:a:briarproject:briar:1.0.11
-
cpe:2.3:a:briarproject:briar:1.0.12
-
cpe:2.3:a:briarproject:briar:1.0.13
-
cpe:2.3:a:briarproject:briar:1.0.2
-
cpe:2.3:a:briarproject:briar:1.0.3
-
cpe:2.3:a:briarproject:briar:1.0.4
-
cpe:2.3:a:briarproject:briar:1.0.5
-
cpe:2.3:a:briarproject:briar:1.0.6
-
cpe:2.3:a:briarproject:briar:1.0.7
-
cpe:2.3:a:briarproject:briar:1.0.8
-
cpe:2.3:a:briarproject:briar:1.0.9
-
cpe:2.3:a:briarproject:briar:1.1.1
-
cpe:2.3:a:briarproject:briar:1.1.2
-
cpe:2.3:a:briarproject:briar:1.1.3
-
cpe:2.3:a:briarproject:briar:1.1.4
-
cpe:2.3:a:briarproject:briar:1.1.5
-
cpe:2.3:a:briarproject:briar:1.1.6
-
cpe:2.3:a:briarproject:briar:1.1.7
-
cpe:2.3:a:briarproject:briar:1.1.8
-
cpe:2.3:a:briarproject:briar:1.1.9
-
cpe:2.3:a:briarproject:briar:1.2.10
-
cpe:2.3:a:briarproject:briar:1.2.11
-
cpe:2.3:a:briarproject:briar:1.2.12
-
cpe:2.3:a:briarproject:briar:1.2.13
-
cpe:2.3:a:briarproject:briar:1.2.14
-
cpe:2.3:a:briarproject:briar:1.2.15
-
cpe:2.3:a:briarproject:briar:1.2.16
-
cpe:2.3:a:briarproject:briar:1.2.17
-
cpe:2.3:a:briarproject:briar:1.2.18
-
cpe:2.3:a:briarproject:briar:1.2.19
-
cpe:2.3:a:briarproject:briar:1.2.20
-
cpe:2.3:a:briarproject:briar:1.2.3
-
cpe:2.3:a:briarproject:briar:1.2.4
-
cpe:2.3:a:briarproject:briar:1.2.5
-
cpe:2.3:a:briarproject:briar:1.2.7
-
cpe:2.3:a:briarproject:briar:1.2.8
-
cpe:2.3:a:briarproject:briar:1.2.9
-
cpe:2.3:a:briarproject:briar:1.3.2
-
cpe:2.3:a:briarproject:briar:1.3.3
-
cpe:2.3:a:briarproject:briar:1.3.4
-
cpe:2.3:a:briarproject:briar:1.3.5
-
cpe:2.3:a:briarproject:briar:1.3.6
-
cpe:2.3:a:briarproject:briar:1.3.8
-
cpe:2.3:a:briarproject:briar:1.4.0
-
cpe:2.3:a:briarproject:briar:1.4.1
-
cpe:2.3:a:briarproject:briar:1.4.10
-
cpe:2.3:a:briarproject:briar:1.4.11
-
cpe:2.3:a:briarproject:briar:1.4.12
-
cpe:2.3:a:briarproject:briar:1.4.13
-
cpe:2.3:a:briarproject:briar:1.4.14
-
cpe:2.3:a:briarproject:briar:1.4.15
-
cpe:2.3:a:briarproject:briar:1.4.17
-
cpe:2.3:a:briarproject:briar:1.4.18
-
cpe:2.3:a:briarproject:briar:1.4.19
-
cpe:2.3:a:briarproject:briar:1.4.20
-
cpe:2.3:a:briarproject:briar:1.4.21
-
cpe:2.3:a:briarproject:briar:1.4.22
-
cpe:2.3:a:briarproject:briar:1.4.23
-
cpe:2.3:a:briarproject:briar:1.4.4
-
cpe:2.3:a:briarproject:briar:1.4.5
-
cpe:2.3:a:briarproject:briar:1.4.6
-
cpe:2.3:a:briarproject:briar:1.4.7
-
cpe:2.3:a:briarproject:briar:1.4.8
-
cpe:2.3:a:briarproject:briar:1.4.9
-
cpe:2.3:a:briarproject:briar:1.5.0
-
cpe:2.3:a:briarproject:briar:1.5.1
-
cpe:2.3:a:briarproject:briar:1.5.2