CVE-2022-4304

EUVD-2023-0751

08.02.2023, 20:15

A timing based side channel exists in the OpenSSL RSA Decryption implementation
which could be sufficient to recover a plaintext across a network in a
Bleichenbacher style attack. To achieve a successful decryption an attacker
would have to be able to send a very large number of trial messages for
decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,
RSA-OEAP and RSASVE.

For example, in a TLS connection, RSA is commonly used by a client to send an
encrypted pre-master secret to the server. An attacker that had observed a
genuine connection between a client and a server could use this flaw to send
trial messages to the server and record the time taken to process them. After a
sufficiently large number of messages the attacker could recover the pre-master
secret used for the original connection and thus be able to decrypt the
application data sent over that connection.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADP	ADP	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 48%

Affected Products (NVD)

Vendor	Product	Version
openssl	openssl	1.0.2 ≤ 𝑥 < 1.0.2zg
openssl	openssl	1.1.1 ≤ 𝑥 < 1.1.1t
openssl	openssl	3.0.0 ≤ 𝑥 < 3.0.8
stormshield	endpoint_security	𝑥 < 7.2.40
stormshield	sslvpn	𝑥 < 3.2.1
stormshield	stormshield_network_security	2.7.0 ≤ 𝑥 < 2.7.11
stormshield	stormshield_network_security	2.8.0 ≤ 𝑥 < 3.7.34
stormshield	stormshield_network_security	3.8.0 ≤ 𝑥 < 3.11.22
stormshield	stormshield_network_security	4.0.0 ≤ 𝑥 < 4.3.16
stormshield	stormshield_network_security	4.4.0 ≤ 𝑥 < 4.6.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openssl

bookworm	3.0.14-1~deb12u1 fixed
bookworm (security)	3.0.14-1~deb12u2 fixed
bullseye	1.1.1w-0+deb11u1 fixed
bullseye (security)	1.1.1w-0+deb11u2 fixed
sid	3.3.2-2 fixed
trixie	3.3.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

edk2

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
kinetic	ignored
lunar	ignored
mantic	not-affected
noble	not-affected
trusty	ignored
xenial	needs-triage

nodejs

bionic	not-affected
focal	not-affected
jammy	Fixed 12.22.9~dfsg-1ubuntu3.3 released
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	not-affected
xenial	not-affected

openssl

bionic	Fixed 1.1.1-1ubuntu2.1~18.04.21 released
focal	Fixed 1.1.1f-1ubuntu2.17 released
jammy	Fixed 3.0.2-0ubuntu1.8 released
kinetic	Fixed 3.0.5-2ubuntu2.1 released
lunar	Fixed 3.0.8-1ubuntu1 released
mantic	Fixed 3.0.8-1ubuntu1 released
noble	Fixed 3.0.8-1ubuntu1 released
trusty	ignored
xenial	ignored

openssl1.0

bionic	ignored
focal	dne
jammy	dne
kinetic	dne
trusty	dne
xenial	dne

Common Weakness Enumeration

CWE-203 - Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References

https://security.gentoo.org/glsa/202402-08

https://www.openssl.org/news/secadv/20230207.txt

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

https://security.gentoo.org/glsa/202402-08

https://www.openssl.org/news/secadv/20230207.txt