Bug 2238677 (CVE-2023-4421) - CVE-2023-4421 nss: new tlsfuzzer code can still detect timing issues in RSA operations
Summary: CVE-2023-4421 nss: new tlsfuzzer code can still detect timing issues in RSA o...
Status: NEW
Alias: CVE-2023-4421
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Product Security
QA Contact:
Depends On: 2238706
Blocks: 2238675
Reported: 2023-09-13 06:31 UTC by Dhananjay Arunesh
Modified: 2023-10-25 12:53 UTC (History)

Fixed In Version: nss 3.61
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in NSS. The interface between the cryptographic library (softokn) and the rest of NSS uses PKCS#11, and the error reporting that PKCS#11 requires (returning an error when the PKCS#1 v1.5 padding check fails) is very noisy, making a padding failure easy to detect over the network.
Clone Of:
Last Closed:


System ID Private Priority Status Summary Last Updated
Mozilla Foundation 1651411 0 P3 ASSIGNED New tlsfuzzer code can still detect timing issues in RSA operations. 2023-10-10 11:25:47 UTC

Description Dhananjay Arunesh 2023-09-13 06:31:55 UTC
This patch defeats Bleichenbacher by not trying to hide the size of the
decrypted text, but by hiding whether the decryption succeeded or failed. This is done
by generating a fake returned text that's based on the key and the cipher text,
so the fake data is always the same for the same key and cipher text. Both the
length and the plain text are generated with a PRF.

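The description above outlines the "implicit rejection" approach. What follows is an added Python illustration of that structure, not NSS's own code: it assumes a secret derived from the private key, HMAC-SHA256 as the PRF, and the labels "len"/"msg" for the two derivations, and it returns the key-and-ciphertext-dependent fake message instead of an error whenever the PKCS#1 v1.5 check fails.

```python
import hmac
import hashlib


def _prf(secret: bytes, label: bytes, ct: bytes, n: int) -> bytes:
    """Counter-mode HMAC-SHA256 expansion (assumed PRF), keyed on a key-derived secret."""
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(secret, label + ct + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def synthetic_message(secret: bytes, ct: bytes, k: int) -> bytes:
    """Fake plaintext for a k-byte modulus: the PRF picks both its length and its bytes,
    so the same (key, ciphertext) pair always yields the same fake."""
    max_len = k - 11  # longest message a PKCS#1 v1.5 type-2 block of k bytes can carry
    length = int.from_bytes(_prf(secret, b"len", ct, 2), "big") % (max_len + 1)
    return _prf(secret, b"msg", ct, max_len)[:length]


def unpad_implicit_reject(em: bytes, secret: bytes, ct: bytes) -> bytes:
    """Strip PKCS#1 v1.5 type-2 padding from the decrypted block em.
    On a padding failure, return the synthetic message instead of an error, so the
    caller (and the network peer) sees the same code path either way."""
    k = len(em)
    ok = int(em[0] == 0) & int(em[1] == 2)  # 0/1 flags, combined arithmetically
    found, sep = 0, 0
    for i in range(2, k):  # scan every byte; no early exit on the first separator
        is_zero = int(em[i] == 0)
        first = is_zero & (1 - found)  # 1 only for the first 0x00 after the header
        sep += first * (i - sep)
        found |= is_zero
    ok &= found
    ok &= int(sep >= 10)  # at least eight non-zero padding bytes (indices 2..9)
    real = em[sep + 1:]
    fake = synthetic_message(secret, ct, k)  # always computed, success or not
    # CPython cannot guarantee constant time; the point is the structure: no early
    # return, no error, and both candidates computed before one is selected.
    return real if ok else fake
```

A defender testing such a change would check that a malformed block yields the same fake for the same key and ciphertext on every call, and a different fake for a different ciphertext.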

Comment 1 Dhananjay Arunesh 2023-09-13 09:41:03 UTC
Created nss tracking bugs for this issue:

Affects: fedora-all [bug 2238706]
