CVE-2023-33850 Overview
CVE-2023-33850 affects IBM GSKit-Crypto, the cryptographic library used by multiple IBM products across AIX, Linux, HP-UX, and Windows. The vulnerability is a timing-based side channel in the RSA decryption implementation, classified as CWE-203 (Observable Discrepancy). A remote attacker who submits a very large number of trial ciphertexts and measures how long each one takes to decrypt can recover sensitive information protected by the affected keys.
Critical Impact
A network-positioned attacker can recover plaintext or key material from RSA operations by analyzing measurable timing variations, undermining the confidentiality of TLS sessions and other RSA-protected data.
Affected Products
- IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1
- IBM CICS TX Standard 11.1 and CICS TX Advanced 10.1 / 11.1
- IBM GSKit-Crypto on AIX, Linux, HP-UX, and Microsoft Windows
Discovery Timeline
- 2023-08-22 - CVE-2023-33850 published to NVD
- 2025-11-03 - Last updated in NVD database
Technical Details for CVE-2023-33850
Vulnerability Analysis
The vulnerability resides in the RSA decryption routine of IBM GSKit-Crypto. RSA decryption involves modular exponentiation with the private key, followed by PKCS#1 padding removal. When the implementation branches or short-circuits based on the structure of the decrypted plaintext, the time taken to return a response leaks information about intermediate values.
An attacker can submit a large volume of crafted ciphertexts and measure response latency to distinguish valid from invalid padding states. Repeating this process across millions of probes allows recovery of session keys or plaintext, a class of attack often referred to as a Bleichenbacher-style timing oracle.
The vulnerability impacts confidentiality only. Integrity and availability of the target system are not affected by this flaw.
Root Cause
The root cause is non-constant-time handling within the RSA decryption code path. Conditional logic during PKCS#1 v1.5 padding validation produces observable timing differences correlated with secret data, mapping to CWE-203 (Observable Discrepancy) through a side channel.
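To make the root cause concrete, the following Python is an added illustration, not GSKit code (this page does not show the library's internals). It contrasts a PKCS#1 v1.5 unpadding routine that returns as soon as it sees a structural error with one that visits every byte and folds every check into a single error flag. Python cannot give real constant-time guarantees, so the block counts bytes examined as a proxy for work done; the block size, padding bytes and message are constructed toy values.

```python
"""Constructed illustration of the CWE-203 pattern behind a Bleichenbacher-
style timing oracle (not IBM GSKit code). An early-exit PKCS#1 v1.5 type-2
decoder is shown beside a branch-free one that examines every byte."""

from typing import Optional, Tuple

K = 32  # toy block length in bytes; real RSA blocks are 256 bytes or more


def pkcs1_v15_pad(msg: bytes, k: int = K) -> bytes:
    """Build 00 || 02 || PS || 00 || M with fixed (non-random) padding bytes,
    which is sufficient for demonstrating the decoder."""
    ps_len = k - 3 - len(msg)
    assert ps_len >= 8, "message too long for block"
    return b"\x00\x02" + bytes([0xA5] * ps_len) + b"\x00" + msg


def unpad_leaky(em: bytes) -> Tuple[Optional[bytes], int]:
    """Early-exit decoder. Returns (message or None, number of bytes examined).
    How far it reads depends on where the block first looks wrong, so the
    response time tells a remote caller whether the block began with 00 02,
    whether a separator exists, and so on."""
    examined = 1
    if em[0] != 0x00:
        return None, examined
    examined += 1
    if em[1] != 0x02:
        return None, examined
    sep = -1
    for i in range(2, len(em)):
        examined += 1
        if em[i] == 0x00:
            sep = i
            break
    if sep < 0 or sep - 2 < 8:  # no separator, or fewer than 8 padding bytes
        return None, examined
    return em[sep + 1:], examined


def _ct_is_zero(x: int) -> int:
    """0xFF if byte x is zero, else 0x00, computed without a branch."""
    return (((x & 0xFF) - 1) >> 8) & 0xFF


def _ct_lt(a: int, b: int) -> int:
    """0xFF if a < b, else 0x00, for small non-negative integers."""
    return ((a - b) >> 63) & 0xFF


def _ct_select(mask: int, x: int, y: int) -> int:
    """x when mask is 0xFF, y when mask is 0x00; no data-dependent branch."""
    m = -(mask >> 7)  # 0xFF -> -1 (all ones), 0x00 -> 0
    return (x & m) | (y & ~m)


def unpad_constant_time(em: bytes) -> Tuple[int, bytes, int]:
    """Branch-free decoder. Returns (error flag, message, bytes examined).
    Every byte is visited exactly once and all failure conditions are OR-ed
    into one flag that the caller consults only after the loop, so the work
    done does not depend on the secret structure of the plaintext."""
    k = len(em)
    bad = _ct_is_zero(em[0]) ^ 0xFF             # em[0] must be 0x00
    bad |= _ct_is_zero(em[1] ^ 0x02) ^ 0xFF     # em[1] must be 0x02
    found, sep = 0x00, 0                        # found becomes 0xFF at first zero
    for i in range(2, k):
        is_zero = _ct_is_zero(em[i])
        first = is_zero & (found ^ 0xFF)        # zero byte and none seen before
        sep = _ct_select(first, i, sep)
        found |= is_zero
    bad |= found ^ 0xFF                         # no separator at all
    bad |= _ct_lt(sep, 10)                      # fewer than 8 padding bytes
    # The slice is taken unconditionally; a native implementation would also
    # copy it with a constant-time, fixed-length routine. Callers must treat
    # the message as garbage whenever bad != 0.
    return bad, em[sep + 1:], k


if __name__ == "__main__":
    good = pkcs1_v15_pad(b"session-key")
    cases = [("valid", good),
             ("bad first byte", b"\x01" + good[1:]),
             ("no separator", b"\x00\x02" + bytes([0xA5] * (K - 2)))]
    for label, block in cases:
        print(f"{label:15s} leaky examined {unpad_leaky(block)[1]:2d} bytes, "
              f"constant-time examined {unpad_constant_time(block)[2]:2d}")
```

Running the block shows the leaky decoder stopping after 1, 21 or 32 bytes depending on the input while the branch-free one always touches all 32; that difference in work is the observable discrepancy a timing oracle measures, and removing it (together with constant-time handling of the decrypted message, as TLS implementations do for the premaster secret) is the fix class IBM's patch belongs to.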
Attack Vector
Exploitation requires network access to a service that uses GSKit-Crypto for RSA-based decryption, such as a TLS endpoint terminating connections with an RSA key exchange. The attacker does not need credentials or user interaction. Practical exploitation requires a stable network path with low jitter and the ability to send an extremely high volume of probe ciphertexts to the target.
No public proof-of-concept exploit code has been released for CVE-2023-33850. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.
Detection Methods for CVE-2023-33850
Indicators of Compromise
- High-volume streams of malformed or anomalously crafted TLS handshakes targeting RSA key exchange suites against hosts running affected IBM products.
- Repeated decryption failures or PKCS#1 padding errors logged by GSKit-Crypto consumers over short time windows.
- Long-lived TCP sessions from a single source generating sustained RSA decryption load without completing application transactions.
Detection Strategies
- Inventory hosts running IBM TXSeries, CICS TX, and other products bundling GSKit-Crypto, then cross-reference installed versions against IBM advisories 7010369, 7022413, and 7022414.
- Inspect TLS server logs for unusually high rates of handshake failures or alerts associated with RSA key exchange ciphersuites.
- Deploy network telemetry rules that flag sources generating thousands of short-lived RSA-only TLS connections to a single endpoint.
Monitoring Recommendations
- Forward TLS, web server, and application logs to a centralized analytics platform and alert on bursts of RSA decryption errors from a single client.
- Monitor CPU utilization on TLS-terminating services for sustained spikes that correlate with probe-style traffic patterns.
- Track outbound connections from affected hosts to detect downstream abuse of any keys or secrets that may have been recovered.
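As an added example of the telemetry rule and the burst alert recommended above (not tooling from IBM or from this page), the following Python scans TLS server log lines with a per-source sliding window and reports any client that accumulates a threshold of RSA-key-exchange failures within the window. The log format, IP addresses, window and threshold are constructed assumptions; a real deployment would adapt the regular expression to the product's actual log format and set the threshold from an observed baseline.

```python
"""Sliding-window detector for the probe pattern described above: one client
producing bursts of static-RSA handshake failures or PKCS#1 padding errors.
Added example; the log format below is constructed, not any IBM product's."""

import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, Iterable, List, Optional, Tuple

# Constructed format: ISO timestamp, client IP, negotiated suite, outcome.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<src>[\d.]+) cipher=(?P<cipher>\S+) result=(?P<result>\S+)$"
)
RSA_KEX_PREFIX = "TLS_RSA_WITH_"   # static RSA key exchange: server decrypts the premaster
ERROR_RESULTS = {"handshake_failure", "decrypt_error", "bad_pkcs1_padding"}
WINDOW_SECONDS = 60
THRESHOLD = 5   # deliberately low so the constructed sample trips it


def parse_line(line: str) -> Optional[Tuple[datetime, str, str, str]]:
    """Return (timestamp, source, cipher, result) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return ts, m["src"], m["cipher"], m["result"]


def detect_probe_sources(lines: Iterable[str], window: int = WINDOW_SECONDS,
                         threshold: int = THRESHOLD) -> List[Tuple[str, datetime, int]]:
    """Return (source, time, count) for each client that reaches `threshold`
    RSA-key-exchange errors inside `window` seconds; each source is reported
    once, at the moment it first crosses the threshold."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerted, alerts = set(), []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, cipher, result = parsed
        # Forward-secret (ECDHE/DHE) handshakes and successful RSA handshakes
        # carry no oracle signal, so only failed static-RSA handshakes count.
        if not cipher.startswith(RSA_KEX_PREFIX) or result not in ERROR_RESULTS:
            continue
        q = recent[src]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, ts, len(q)))
    return alerts


# Constructed sample: 203.0.113.7 hammers the RSA suite, 198.51.100.4 is normal.
SAMPLE_LOG = """\
2024-01-15T10:00:00Z client=198.51.100.4 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 result=ok
2024-01-15T10:00:01Z client=203.0.113.7 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 result=bad_pkcs1_padding
2024-01-15T10:00:01Z client=203.0.113.7 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 result=bad_pkcs1_padding
2024-01-15T10:00:02Z client=198.51.100.4 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 result=handshake_failure
2024-01-15T10:00:02Z client=203.0.113.7 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 result=decrypt_error
2024-01-15T10:00:03Z client=203.0.113.7 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 result=handshake_failure
2024-01-15T10:00:03Z client=203.0.113.7 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 result=bad_pkcs1_padding
2024-01-15T10:00:04Z client=203.0.113.7 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 result=bad_pkcs1_padding
2024-01-15T10:02:30Z client=198.51.100.4 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 result=handshake_failure
this line is not in the expected format and is skipped
"""

if __name__ == "__main__":
    for src, ts, count in detect_probe_sources(SAMPLE_LOG.splitlines()):
        print(f"ALERT {src}: {count} static-RSA handshake errors within "
              f"{WINDOW_SECONDS}s as of {ts.isoformat()}")
```

The filter on `TLS_RSA_WITH_` suites matters: failures on ECDHE suites do not exercise the RSA decryption path, so counting them would only add noise. Alerts from this rule are best correlated with the CPU-utilization spikes mentioned above, since a genuine oracle probe keeps the server performing private-key operations for every failed handshake.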
How to Mitigate CVE-2023-33850
Immediate Actions Required
- Apply the GSKit-Crypto updates referenced in IBM Support Documents #7010369, #7022413, and #7022414.
- Identify all TLS endpoints relying on GSKit-Crypto and prioritize patching of internet-facing services.
- Review the NetApp Security Advisory NTAP-20241108-0002 for downstream product guidance.
Patch Information
IBM has published fixes for affected GSKit-Crypto versions through the three referenced support documents. Administrators should match their product version (TXSeries 8.1, 8.2, 9.1, or CICS TX 10.1/11.1) to the corresponding IBM advisory and apply the listed fix pack. Track the X-Force entry #257132 for any updated remediation details.
Workarounds
- Disable RSA key exchange ciphersuites and prefer (EC)DHE-based forward-secret suites on TLS endpoints that cannot be patched immediately.
- Place affected services behind a TLS-terminating proxy that uses a non-vulnerable cryptographic library to handle external RSA operations.
- Apply network-layer rate limiting to restrict the volume of TLS handshake attempts from any single source, raising the cost of timing measurement.
# Example (nginx): restrict a TLS-terminating proxy to forward-secret suites.
# !kRSA removes the static RSA key-exchange suites that reach the vulnerable
# decryption path. Do not add !aRSA: that also rejects RSA *authentication*
# and breaks any server presenting an RSA certificate. TLS 1.3 has no static
# RSA key exchange, so its suites need no change.
ssl_ciphers 'ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!kRSA';
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

