First published: Wed Jan 25 2023(Updated: )
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.
Credit: openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jbcs-httpd24-openssl | <1:1.1.1k-14.el8 | 1:1.1.1k-14.el8 |
redhat/jbcs-httpd24-openssl | <1:1.1.1k-14.el7 | 1:1.1.1k-14.el7 |
redhat/edk2 | <0:20220126gitbb1bba3d77-4.el8 | 0:20220126gitbb1bba3d77-4.el8 |
redhat/openssl | <1:1.1.1k-9.el8_7 | 1:1.1.1k-9.el8_7 |
redhat/edk2 | <0:20220126gitbb1bba3d77-2.el8_6.1 | 0:20220126gitbb1bba3d77-2.el8_6.1 |
redhat/openssl | <1:1.1.1k-9.el8_6 | 1:1.1.1k-9.el8_6 |
redhat/openssl | <1:3.0.1-47.el9_1 | 1:3.0.1-47.el9_1 |
redhat/edk2 | <0:20221207gitfff6d81270b5-9.el9_2 | 0:20221207gitfff6d81270b5-9.el9_2 |
redhat/openssl | <1:3.0.1-46.el9_0 | 1:3.0.1-46.el9_0 |
redhat/jws5-tomcat-native | <0:1.2.31-14.redhat_14.el7 | 0:1.2.31-14.redhat_14.el7 |
redhat/jws5-tomcat-native | <0:1.2.31-14.redhat_14.el8 | 0:1.2.31-14.redhat_14.el8 |
redhat/jws5-tomcat-native | <0:1.2.31-14.redhat_14.el9 | 0:1.2.31-14.redhat_14.el9 |
OpenSSL OpenSSL | >=1.0.2<1.0.2zg | |
OpenSSL OpenSSL | >=1.1.1<1.1.1t | |
OpenSSL OpenSSL | >=3.0.0<3.0.8 | |
Stormshield Endpoint Security | <7.2.40 | |
Stormshield Sslvpn | <3.2.1 | |
Stormshield Stormshield Network Security | >=2.7.0<2.7.11 | |
Stormshield Stormshield Network Security | >=2.8.0<3.7.34 | |
Stormshield Stormshield Network Security | >=3.8.0<3.11.22 | |
Stormshield Stormshield Network Security | >=4.0.0<4.3.16 | |
Stormshield Stormshield Network Security | >=4.4.0<4.6.3 | |
rust/openssl-src | >=300.0.0<300.0.12 | 300.0.12 |
rust/openssl-src | <111.25.0 | 111.25.0 |
F5 BIG-IP | >=17.0.0<=17.1.0 | 17.1.117.1.0.1 |
F5 BIG-IP | >=16.1.0<=16.1.4 | 16.1.5 |
F5 BIG-IP | >=15.1.0<=15.1.9 | 15.1.10 |
F5 BIG-IP | >=14.1.0<=14.1.5 | |
F5 BIG-IP | >=13.1.0<=13.1.5 | |
F5 BIG-IP Next SPK | >=1.5.0<=1.7.1 | |
F5 BIG-IQ Centralized Management | >=8.0.0<=8.3.0 | |
F5 BIG-IQ Centralized Management | =7.1.0 | |
F5 F5OS-A | =1.3.1 | |
F5 Traffix SDC | =5.2.0 | |
IBM Cognos Command Center | <=10.2.4.1 | |
debian/openssl | 1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.14-1~deb12u1 3.0.14-1~deb12u2 3.3.2-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2022-4304 is a vulnerability in the OpenSSL RSA Decryption implementation that allows an attacker to recover plaintext data in a Bleichenbacher style attack.
The severity of CVE-2022-4304 is medium with a CVSS score of 5.9.
OpenSSL versions 1.0.2 to 1.0.2zg, 1.1.1 to 1.1.1t, and 3.0.0 to 3.0.8 are affected by CVE-2022-4304.
An attacker can exploit CVE-2022-4304 by sending a large number of trial messages to perform a timing-based side channel attack.
Yes, patches are available for the affected versions of OpenSSL.