What is CVE-2022-4304?

CVE-2022-4304 is a vulnerability in the OpenSSL RSA Decryption implementation that allows an attacker to recover plaintext data in a Bleichenbacher style attack.

What is the severity of CVE-2022-4304?

The severity of CVE-2022-4304 is medium with a CVSS score of 5.9.

Which software versions are affected by CVE-2022-4304?

OpenSSL versions 1.0.2 to 1.0.2zg, 1.1.1 to 1.1.1t, and 3.0.0 to 3.0.8 are affected by CVE-2022-4304.

How can an attacker exploit CVE-2022-4304?

An attacker can exploit CVE-2022-4304 by sending a large number of trial messages to perform a timing-based side channel attack.

Is there a patch available for CVE-2022-4304?

Yes, patches are available for the affected versions of OpenSSL.

Vulnerability/
CVE-2022-4304

high

7.5

CWE

203

25/1/2023

7/2/2023

8/2/2023

3/8/2024

CVE-2022-4304: Timing Oracle in RSA Decryption

First published: Wed Jan 25 2023(Updated: )

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

Credit: openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org

Affected Software	Affected Version	How to fix
redhat/jbcs-httpd24-openssl	<1:1.1.1k-14.el8	1:1.1.1k-14.el8
redhat/jbcs-httpd24-openssl	<1:1.1.1k-14.el7	1:1.1.1k-14.el7
redhat/edk2	<0:20220126gitbb1bba3d77-4.el8	0:20220126gitbb1bba3d77-4.el8
redhat/openssl	<1:1.1.1k-9.el8_7	1:1.1.1k-9.el8_7
redhat/edk2	<0:20220126gitbb1bba3d77-2.el8_6.1	0:20220126gitbb1bba3d77-2.el8_6.1
redhat/openssl	<1:1.1.1k-9.el8_6	1:1.1.1k-9.el8_6
redhat/openssl	<1:3.0.1-47.el9_1	1:3.0.1-47.el9_1
redhat/edk2	<0:20221207gitfff6d81270b5-9.el9_2	0:20221207gitfff6d81270b5-9.el9_2
redhat/openssl	<1:3.0.1-46.el9_0	1:3.0.1-46.el9_0
redhat/jws5-tomcat-native	<0:1.2.31-14.redhat_14.el7	0:1.2.31-14.redhat_14.el7
redhat/jws5-tomcat-native	<0:1.2.31-14.redhat_14.el8	0:1.2.31-14.redhat_14.el8
redhat/jws5-tomcat-native	<0:1.2.31-14.redhat_14.el9	0:1.2.31-14.redhat_14.el9
OpenSSL OpenSSL	>=1.0.2<1.0.2zg
OpenSSL OpenSSL	>=1.1.1<1.1.1t
OpenSSL OpenSSL	>=3.0.0<3.0.8
Stormshield Endpoint Security	<7.2.40
Stormshield Sslvpn	<3.2.1
Stormshield Stormshield Network Security	>=2.7.0<2.7.11
Stormshield Stormshield Network Security	>=2.8.0<3.7.34
Stormshield Stormshield Network Security	>=3.8.0<3.11.22
Stormshield Stormshield Network Security	>=4.0.0<4.3.16
Stormshield Stormshield Network Security	>=4.4.0<4.6.3
rust/openssl-src	>=300.0.0<300.0.12	300.0.12
rust/openssl-src	<111.25.0	111.25.0
F5 BIG-IP	>=17.0.0<=17.1.0	17.1.117.1.0.1
F5 BIG-IP	>=16.1.0<=16.1.4	16.1.5
F5 BIG-IP	>=15.1.0<=15.1.9	15.1.10
F5 BIG-IP	>=14.1.0<=14.1.5
F5 BIG-IP	>=13.1.0<=13.1.5
F5 BIG-IP Next SPK	>=1.5.0<=1.7.1
F5 BIG-IQ Centralized Management	>=8.0.0<=8.3.0
F5 BIG-IQ Centralized Management	=7.1.0
F5 F5OS-A	=1.3.1
F5 Traffix SDC	=5.2.0
debian/openssl		1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.14-1~deb12u1 3.0.14-1~deb12u2 3.3.2-1
IBM Cloud Pak for Business Automation	<=V22.0.2 - V22.0.2-IF004
IBM Cloud Pak for Business Automation	<=V21.0.3 - V21.0.3-IF020
IBM Cloud Pak for Business Automation	<=V22.0.1 - V22.0.1-IF006 and later fixesV21.0.2 - V21.0.2-IF012 and later fixesV21.0.1 - V21.0.1-IF007 and later fixesV20.0.1 - V20.0.3 and later fixesV19.0.1 - V19.0.3 and later fixesV18.0.0 - V18.0.2 and later fixes

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2022-4304?
CVE-2022-4304 is a vulnerability in the OpenSSL RSA Decryption implementation that allows an attacker to recover plaintext data in a Bleichenbacher style attack.
What is the severity of CVE-2022-4304?
The severity of CVE-2022-4304 is medium with a CVSS score of 5.9.
Which software versions are affected by CVE-2022-4304?
OpenSSL versions 1.0.2 to 1.0.2zg, 1.1.1 to 1.1.1t, and 3.0.0 to 3.0.8 are affected by CVE-2022-4304.
How can an attacker exploit CVE-2022-4304?
An attacker can exploit CVE-2022-4304 by sending a large number of trial messages to perform a timing-based side channel attack.
Is there a patch available for CVE-2022-4304?
Yes, patches are available for the affected versions of OpenSSL.

collector/redhat-cve
collector/nvd-index
agent/type
agent/first-publish-date
agent/weakness
agent/author
agent/title
collector/nvd-api
source/NVD
agent/software-canonical-lookup
collector/nvd-cve
collector/github-advisory-latest
source/GitHub
alias/GHSA-p52g-cm5j-mjv4
alias/CVE-2022-4304
collector/github-advisory
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
collector/f5-advisory
source/F5
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
collector/security-tracker-debian
source/Debian
collector/usn-cve
source/Ubuntu
agent/references
agent/tags
agent/description
agent/softwarecombine
agent/event
collector/ibm-support
source/IBM
package-manager/redhat
vendor/openssl
canonical/openssl openssl
version/openssl openssl/1.0.2
version/openssl openssl/1.1.1
version/openssl openssl/3.0.0
vendor/stormshield
canonical/stormshield endpoint security
canonical/stormshield sslvpn
canonical/stormshield stormshield network security
version/stormshield stormshield network security/2.7.0
version/stormshield stormshield network security/2.8.0
version/stormshield stormshield network security/3.8.0
version/stormshield stormshield network security/4.0.0
version/stormshield stormshield network security/4.4.0
package-manager/rust
vendor/f5
canonical/f5 big-ip
version/f5 big-ip/17.0.0
version/f5 big-ip/17.1.0
version/f5 big-ip/16.1.0
version/f5 big-ip/16.1.4
version/f5 big-ip/15.1.0
version/f5 big-ip/15.1.9
version/f5 big-ip/14.1.0
version/f5 big-ip/14.1.5
version/f5 big-ip/13.1.0
version/f5 big-ip/13.1.5
canonical/f5 big-ip next spk
version/f5 big-ip next spk/1.5.0
version/f5 big-ip next spk/1.7.1
canonical/f5 big-iq centralized management
version/f5 big-iq centralized management/8.0.0
version/f5 big-iq centralized management/8.3.0
version/f5 big-iq centralized management/7.1.0
canonical/f5 f5os-a
version/f5 f5os-a/1.3.1
canonical/f5 traffix sdc
version/f5 traffix sdc/5.2.0
package-manager/debian
vendor/ibm
canonical/ibm cloud pak for business automation
version/ibm cloud pak for business automation/v22.0.2 - v22.0.2-if004
version/ibm cloud pak for business automation/v21.0.3 - v21.0.3-if020
version/ibm cloud pak for business automation/v22.0.1 - v22.0.1-if006 and later fixesv21.0.2 - v21.0.2-if012 and later fixesv21.0.1 - v21.0.1-if007 and later fixesv20.0.1 - v20.0.3 and later fixesv19.0.1 - v19.0.3 and later fixesv18.0.0 - v18.0.2 and later fixes