Bug 2255127 (CVE-2023-50979) - CVE-2023-50979 cryptopp: side-channel leakage during decryption with PKCS#1v1.5 padding (Marvin)
Summary: CVE-2023-50979 cryptopp: side-channel leakage during decryption with PKCS#1v1...
Keywords:
Status: NEW
Alias: CVE-2023-50979
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2255128 2255129
Blocks: 2255124
TreeView+ depends on / blocked
 
Reported: 2023-12-18 19:27 UTC by Robb Gatica
Modified: 2023-12-19 05:10 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Robb Gatica 2023-12-18 19:27:28 UTC 
Reference: https://github.com/weidai11/cryptopp/issues/1247

-----
Crypto++ Issue Report

I've verified that the Crypto++ is vulnerable to the Marvin Attack—a timing variant of the well-known Bleichenbacher attack.

I've executed the test on ArchLinux, using crypto++ 8.9.0 from the Arch repository.
The reproducer is available in the marvin-toolkit repository. It was compiled with a simple g++ -o time_decrypt -lcryptopp time_decrypt.cpp.

When executed on AMD Ryzen 5 5600X, I'm able to detect a side-channel signal when performing decryption with PKCS#1 v1.5 padding. The results are statistically significant with just few hundred measurement pairs, but below I'm showing results of a run with 100k repeats to show the size of the side-channel more clearly.
Comment 1 Robb Gatica 2023-12-18 19:36:39 UTC 
Created cryptopp tracking bugs for this issue:

Affects: epel-all [bug 2255128]
Affects: fedora-all [bug 2255129]
Note You need to log in before you can comment on or make changes to this bug.