CVE-2022-4304

08.02.2023, 20:15

A timing based side channel exists in the OpenSSL RSA Decryption implementation
which could be sufficient to recover a plaintext across a network in a
Bleichenbacher style attack. To achieve a successful decryption an attacker
would have to be able to send a very large number of trial messages for
decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,
RSA-OEAP and RSASVE.

For example, in a TLS connection, RSA is commonly used by a client to send an
encrypted pre-master secret to the server. An attacker that had observed a
genuine connection between a client and a server could use this flaw to send
trial messages to the server and record the time taken to process them. After a
sufficiently large number of messages the attacker could recover the pre-master
secret used for the original connection and thus be able to decrypt the
application data sent over that connection.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 45%

Affected Products (NVD)

Vendor	Product	Version
openssl	openssl	1.0.2 ≤ 𝑥 < 1.0.2zg
openssl	openssl	1.1.1 ≤ 𝑥 < 1.1.1t
openssl	openssl	3.0.0 ≤ 𝑥 < 3.0.8
stormshield	endpoint_security	𝑥 < 7.2.40
stormshield	sslvpn	𝑥 < 3.2.1
stormshield	stormshield_network_security	2.7.0 ≤ 𝑥 < 2.7.11
stormshield	stormshield_network_security	2.8.0 ≤ 𝑥 < 3.7.34
stormshield	stormshield_network_security	3.8.0 ≤ 𝑥 < 3.11.22
stormshield	stormshield_network_security	4.0.0 ≤ 𝑥 < 4.3.16
stormshield	stormshield_network_security	4.4.0 ≤ 𝑥 < 4.6.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openssl

bookworm	3.0.14-1~deb12u1 fixed
bookworm (security)	3.0.14-1~deb12u2 fixed
bullseye	1.1.1w-0+deb11u1 fixed
bullseye (security)	1.1.1w-0+deb11u2 fixed
sid	3.3.2-2 fixed
trixie	3.3.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

edk2

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
kinetic	ignored
lunar	ignored
mantic	not-affected
noble	not-affected
trusty	ignored
xenial	needs-triage

nodejs

bionic	not-affected
focal	not-affected
jammy	Fixed 12.22.9~dfsg-1ubuntu3.3 released
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	not-affected
xenial	not-affected

openssl

bionic	Fixed 1.1.1-1ubuntu2.1~18.04.21 released
focal	Fixed 1.1.1f-1ubuntu2.17 released
jammy	Fixed 3.0.2-0ubuntu1.8 released
kinetic	Fixed 3.0.5-2ubuntu2.1 released
lunar	Fixed 3.0.8-1ubuntu1 released
mantic	Fixed 3.0.8-1ubuntu1 released
noble	Fixed 3.0.8-1ubuntu1 released
trusty	ignored
xenial	ignored

openssl1.0

bionic	ignored
focal	dne
jammy	dne
kinetic	dne
trusty	dne
xenial	dne

openSUSE / SLES Releases

openSUSE Product

Release

libopenssl-3-devel

suse enterprise desktop 15 SP4	3.0.1-150400.4.17.1 fixed
suse enterprise desktop 15 SP5	3.0.8-150500.3.1 fixed
suse enterprise desktop 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise sap 15 SP4	3.0.1-150400.4.17.1 fixed
suse enterprise sap 15 SP5	3.0.8-150500.3.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise sap 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise server 15 SP4	3.0.1-150400.4.17.1 fixed
suse enterprise server 15 SP5	3.0.8-150500.3.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise server 15 SP7	3.2.3-150700.3.20 fixed

libopenssl-3-fips-provider

suse enterprise desktop 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise sap 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise sap 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise server 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise server 15 SP7	3.2.3-150700.3.20 fixed

libopenssl-3-fips-provider-32bit

suse enterprise desktop 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise sap 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise sap 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise server 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise server 15 SP7	3.2.3-150700.3.20 fixed

libopenssl3

suse enterprise desktop 15 SP4	3.0.1-150400.4.17.1 fixed
suse enterprise desktop 15 SP5	3.0.8-150500.3.1 fixed
suse enterprise desktop 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise sap 15 SP4	3.0.1-150400.4.17.1 fixed
suse enterprise sap 15 SP5	3.0.8-150500.3.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise sap 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise server 15 SP4	3.0.1-150400.4.17.1 fixed
suse enterprise server 15 SP5	3.0.8-150500.3.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise server 15 SP7	3.2.3-150700.3.20 fixed

libopenssl3-32bit

suse enterprise desktop 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise sap 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise sap 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise server 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise server 15 SP7	3.2.3-150700.3.20 fixed

openssl-3

suse enterprise desktop 15 SP4	3.0.1-150400.4.17.1 fixed
suse enterprise desktop 15 SP5	3.0.8-150500.3.1 fixed
suse enterprise desktop 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise sap 15 SP4	3.0.1-150400.4.17.1 fixed
suse enterprise sap 15 SP5	3.0.8-150500.3.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise sap 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise server 15 SP4	3.0.1-150400.4.17.1 fixed
suse enterprise server 15 SP5	3.0.8-150500.3.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise server 15 SP7	3.2.3-150700.3.20 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

edk2-aarch64

RHEL 8	0:20220126gitbb1bba3d77-4.el8 fixed
RHEL 8.6 AUS	0:20220126gitbb1bba3d77-2.el8_6.1 fixed
RHEL 8.6 E4S	0:20220126gitbb1bba3d77-2.el8_6.1 fixed
RHEL 8.6 EUS	0:20220126gitbb1bba3d77-2.el8_6.1 fixed
RHEL 8.6 TUS	0:20220126gitbb1bba3d77-2.el8_6.1 fixed
RHEL 9	0:20221207gitfff6d81270b5-9.el9_2 fixed

edk2-ovmf

RHEL 8	0:20220126gitbb1bba3d77-4.el8 fixed
RHEL 8.6 AUS	0:20220126gitbb1bba3d77-2.el8_6.1 fixed
RHEL 8.6 E4S	0:20220126gitbb1bba3d77-2.el8_6.1 fixed
RHEL 8.6 EUS	0:20220126gitbb1bba3d77-2.el8_6.1 fixed
RHEL 8.6 TUS	0:20220126gitbb1bba3d77-2.el8_6.1 fixed
RHEL 9	0:20221207gitfff6d81270b5-9.el9_2 fixed

edk2-tools

RHEL 9

0:20221207gitfff6d81270b5-9.el9_2

fixed

edk2-tools-doc

RHEL 9

0:20221207gitfff6d81270b5-9.el9_2

fixed

openssl

RHEL 8	1:1.1.1k-9.el8_7 fixed
RHEL 8.6 AUS	1:1.1.1k-9.el8_6 fixed
RHEL 8.6 E4S	1:1.1.1k-9.el8_6 fixed
RHEL 8.6 EUS	1:1.1.1k-9.el8_6 fixed
RHEL 8.6 TUS	1:1.1.1k-9.el8_6 fixed
RHEL 9	1:3.0.1-47.el9_1 fixed

openssl-devel

RHEL 8	1:1.1.1k-9.el8_7 fixed
RHEL 8.6 AUS	1:1.1.1k-9.el8_6 fixed
RHEL 8.6 E4S	1:1.1.1k-9.el8_6 fixed
RHEL 8.6 EUS	1:1.1.1k-9.el8_6 fixed
RHEL 8.6 TUS	1:1.1.1k-9.el8_6 fixed
RHEL 9	1:3.0.1-47.el9_1 fixed

openssl-libs

RHEL 8	1:1.1.1k-9.el8_7 fixed
RHEL 8.6 AUS	1:1.1.1k-9.el8_6 fixed
RHEL 8.6 E4S	1:1.1.1k-9.el8_6 fixed
RHEL 8.6 EUS	1:1.1.1k-9.el8_6 fixed
RHEL 8.6 TUS	1:1.1.1k-9.el8_6 fixed
RHEL 9	1:3.0.1-47.el9_1 fixed

openssl-perl

RHEL 8	1:1.1.1k-9.el8_7 fixed
RHEL 8.6 AUS	1:1.1.1k-9.el8_6 fixed
RHEL 8.6 E4S	1:1.1.1k-9.el8_6 fixed
RHEL 8.6 EUS	1:1.1.1k-9.el8_6 fixed
RHEL 8.6 TUS	1:1.1.1k-9.el8_6 fixed
RHEL 9	1:3.0.1-47.el9_1 fixed

Common Weakness Enumeration

CWE-203 - Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References

https://security.gentoo.org/glsa/202402-08

https://www.openssl.org/news/secadv/20230207.txt

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

https://security.gentoo.org/glsa/202402-08

https://www.openssl.org/news/secadv/20230207.txt