2268268 – libgcrypt: timing based side-channel in RSA implementation

Bug 2268268 - libgcrypt: timing based side-channel in RSA implementation

Summary: libgcrypt: timing based side-channel in RSA implementation

Keywords:
Status:	CLOSED DUPLICATE of bug 2245218
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2268272 2268271 2274128
Blocks:	2268270
TreeView+	depends on / blocked

Reported:	2024-03-06 20:39 UTC by Robb Gatica
Modified:	2024-10-29 16:37 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2024-03-08 00:42:53 UTC
Embargoed:

Attachments	(Terms of Use)

Description Robb Gatica 2024-03-06 20:39:22 UTC

A timing based side-channel exists in the libgcrypt RSA implementation which could be sufficient to recover a plaintext across a network in
a Bleichenbacher style attack. To achieve successful decryption an attacker would have to be able to send a large number of trial messages for
decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP, and RSASVE.

Comment 1 Robb Gatica 2024-03-06 20:46:51 UTC

Created libgcrypt tracking bugs for this issue:

Affects: fedora-all [bug 2268271]


Created mingw-libgcrypt tracking bugs for this issue:

Affects: fedora-all [bug 2268272]

Comment 5 Robb Gatica 2024-03-08 00:42:53 UTC


*** This bug has been marked as a duplicate of bug 2245218 ***

Comment 6 Charmaine9x 2024-03-19 03:37:22 UTC Comment hidden (spam)

This comment was flagged a spam, view the edit history to see the original text if required.

Note You need to log in before you can comment on or make changes to this bug.