CVE-2023-45287Observable Discrepancy in Standard Library Crypto TLS

CWE-203Observable DiscrepancyCWE-208Observable Timing Discrepancy8 documents7 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 59.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GO Standard Library Crypto TLSGolang GO
Timeline
PublishedDec 5
Latest updateDec 12

Description

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side c

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5go_standard_library/crypto_tls< 1.20.0
NVDgolang/go< 1.20.0

🔴Vulnerability Details

4
GHSA
GHSA-33qr-2xwr-95pw: Before Go 12023-12-05
OSV
CVE-2023-45287: Before Go 12023-12-05
CVEList
Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel2023-12-05
OSV
Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel2023-12-05

📋Vendor Advisories

3
Microsoft
Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel2023-12-12
Red Hat
golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.2023-12-05
Debian
CVE-2023-45287: golang-1.15 - Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which...2023
CVE-2023-45287 — Observable Discrepancy | cvebase