Bug 2254426 (CVE-2023-50781) - CVE-2023-50781 m2crypto: Bleichenbacher timing attacks in the RSA decryption API - incomplete fix for CVE-2020-25657
Summary: CVE-2023-50781 m2crypto: Bleichenbacher timing attacks in the RSA decryption ...
Keywords:
Status: NEW
Alias: CVE-2023-50781
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2254436 2254734 2254735 2254437
Blocks: 2254421
Reported: 2023-12-13 21:20 UTC by Robb Gatica
Modified: 2024-04-11 13:50 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Robb Gatica 2023-12-13 21:20:33 UTC
Description:
The fix for CVE-2020-25657 is not addressing the leakage in the RSA decryption. Because of the API design, the fix is generally not believed to be possible to be fully addressed. The issue can be mitigated by using a cryptographic backend that implements implicit rejection (Marvin workaround). Only applications that use RSA decryption with PKCS#1 v1.5 padding are affected.

References:
https://gitlab.com/m2crypto/m2crypto/-/issues/342
https://people.redhat.com/~hkario/marvin/
https://github.com/openssl/openssl/pull/13817
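
An added example, not part of the original report or the m2crypto project: a static check that lists where Python source calls M2Crypto's `private_decrypt` with `RSA.pkcs1_padding`, the usage the description identifies as affected. The sample source and the `find_v15_decrypts` helper are constructed for illustration; calls whose padding cannot be confirmed as PKCS#1 v1.5 or OAEP are reported for manual review.

```python
import ast

AFFECTED = {"pkcs1_padding"}        # PKCS#1 v1.5 padding constant in M2Crypto
NOT_V15 = {"pkcs1_oaep_padding"}    # OAEP is outside the scope of this bug

# Constructed sample input; it is parsed only, never executed.
SAMPLE = '''
from M2Crypto import RSA
key = RSA.load_key("server.pem")
a = key.private_decrypt(blob, RSA.pkcs1_padding)
b = key.private_decrypt(blob, RSA.pkcs1_oaep_padding)
c = key.private_decrypt(blob, padding=pad)
'''


def _trailing_name(node):
    """Last identifier of an expression such as RSA.pkcs1_padding or m2.pkcs1_padding."""
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None


def find_v15_decrypts(source, filename="<source>"):
    """Return sorted (line, status) pairs for private_decrypt calls.

    status is "affected" for PKCS#1 v1.5 padding and "review" when the
    padding is missing, a variable, or anything not known to be OAEP.
    """
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr != "private_decrypt":
            continue
        # private_decrypt(data, padding): second positional or keyword argument
        pad = node.args[1] if len(node.args) > 1 else None
        for kw in node.keywords:
            if kw.arg == "padding":
                pad = kw.value
        name = _trailing_name(pad) if pad is not None else None
        if name in AFFECTED:
            findings.append((node.lineno, "affected"))
        elif name not in NOT_V15:
            findings.append((node.lineno, "review"))
    return sorted(findings)


if __name__ == "__main__":
    for line, status in find_v15_decrypts(SAMPLE):
        print(f"line {line}: {status}")
```
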

Comment 2 Robb Gatica 2023-12-13 22:15:27 UTC
Created m2crypto tracking bugs for this issue:

Affects: fedora-all [bug 2254436]

Comment 6 Robb Gatica 2023-12-15 16:16:25 UTC
Created pywbem tracking bugs for this issue:

Affects: fedora-all [bug 2254734]


Created virt-who tracking bugs for this issue:

Affects: fedora-all [bug 2254735]

