Bug 2270358 (CVE-2024-2408) - CVE-2024-2408 php: potential exposure to Marvin attack via unsafe implementation of RSA decryption API
Summary: CVE-2024-2408 php: potential exposure to Marvin attack via unsafe implementat...
Keywords:
Status: NEW
Alias: CVE-2024-2408
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2291133
Blocks: 2270357
TreeView+ depends on / blocked
 
Reported: 2024-03-19 22:21 UTC by Robb Gatica
Modified: 2024-06-13 14:38 UTC (History)
2 users (show)

Fixed In Version: php 8.2.12
Doc Type: If docs needed, set a value
Doc Text:
The RSA decryption implementation using PKCS#1 v1.5 padding in OpenSSL is vulnerable to a timing side-channel attack known as the Marvin Attack. This vulnerability arises because the execution time of the openssl_private_decrypt() function in PHP with OpenSSL varies based on whether a valid message is returned. This flaw allows an attacker to use these timing differences to decrypt captured ciphertexts or forge signatures, compromising the security of the encrypted data. The vulnerability has been demonstrated through statistical analysis of execution times, confirming the presence of a side channel that can be leveraged in a Bleichenbacher-style attack.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Robb Gatica 2024-03-19 22:21:31 UTC
As with other users of OpenSSL vulnerable to the Marvin Attack, the issue is caused by improper use of the RSA decryption APIs provided
by OpenSSL. Upstream doesn't plan to introduce any code changes, but instead document that the API is unsafe to use unless it's used with OpenSSL that implements implicit rejection (we have already shipped those fixes in RHEL 8, 9, and in Fedora).

References:
https://people.redhat.com/~hkario/marvin/
https://github.com/openssl/openssl/pull/13817
https://www.php.net/manual/en/function.openssl-private-decrypt.php

Comment 2 Hubert Kario 2024-06-07 09:24:57 UTC
This issue is now public: https://github.com/php/php-src/security/advisories/GHSA-hh26-4ppw-5864

Comment 3 Sandipan Roy 2024-06-10 08:02:43 UTC
Created php tracking bugs for this issue:

Affects: fedora-all [bug 2291133]


Note You need to log in before you can comment on or make changes to this bug.