CVE-2022-4304

Timing Oracle in RSA Decryption

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

NVD
RedHat

A timing based side channel exists in the OpenSSL RSA Decryption implementation
which could be sufficient to recover a plaintext across a network in a
Bleichenbacher style attack. To achieve a successful decryption an attacker
would have to be able to send a very large number of trial messages for
decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,
RSA-OEAP and RSASVE.

For example, in a TLS connection, RSA is commonly used by a client to send an
encrypted pre-master secret to the server. An attacker that had observed a
genuine connection between a client and a server could use this flaw to send
trial messages to the server and record the time taken to process them. After a
sufficiently large number of messages the attacker could recover the pre-master
secret used for the original connection and thus be able to decrypt the
application data sent over that connection.

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP, and RSASVE.

*Credits: Hubert Kario from RedHat, Dmitry Belyavsky from RedHat, Hubert Kario from RedHat

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-12-06 CVE Reserved
2023-02-07 CVE Published
2024-08-03 CVE Updated
2024-08-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-203: Observable Discrepancy

CAPEC

References (4)

URL	Tag	Source
https://security.gentoo.org/glsa/202402-08

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.openssl.org/news/secadv/20230207.txt	2024-02-04
https://access.redhat.com/security/cve/CVE-2022-4304	2023-07-18
https://bugzilla.redhat.com/show_bug.cgi?id=2164487	2023-07-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 1.0.2 < 1.0.2zg Search vendor "Openssl" for product "Openssl" and version " >= 1.0.2 < 1.0.2zg"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 1.1.1 < 1.1.1t Search vendor "Openssl" for product "Openssl" and version " >= 1.1.1 < 1.1.1t"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 3.0.0 < 3.0.8 Search vendor "Openssl" for product "Openssl" and version " >= 3.0.0 < 3.0.8"		-		Affected
Stormshield Search vendor "Stormshield"		Endpoint Security Search vendor "Stormshield" for product "Endpoint Security"				< 7.2.40 Search vendor "Stormshield" for product "Endpoint Security" and version " < 7.2.40"		-		Affected
Stormshield Search vendor "Stormshield"		Sslvpn Search vendor "Stormshield" for product "Sslvpn"				< 3.2.1 Search vendor "Stormshield" for product "Sslvpn" and version " < 3.2.1"		-		Affected
Stormshield Search vendor "Stormshield"		Stormshield Network Security Search vendor "Stormshield" for product "Stormshield Network Security"				>= 2.7.0 < 2.7.11 Search vendor "Stormshield" for product "Stormshield Network Security" and version " >= 2.7.0 < 2.7.11"		-		Affected
Stormshield Search vendor "Stormshield"		Stormshield Network Security Search vendor "Stormshield" for product "Stormshield Network Security"				>= 2.8.0 < 3.7.34 Search vendor "Stormshield" for product "Stormshield Network Security" and version " >= 2.8.0 < 3.7.34"		-		Affected
Stormshield Search vendor "Stormshield"		Stormshield Network Security Search vendor "Stormshield" for product "Stormshield Network Security"				>= 3.8.0 < 3.11.22 Search vendor "Stormshield" for product "Stormshield Network Security" and version " >= 3.8.0 < 3.11.22"		-		Affected
Stormshield Search vendor "Stormshield"		Stormshield Network Security Search vendor "Stormshield" for product "Stormshield Network Security"				>= 4.0.0 < 4.3.16 Search vendor "Stormshield" for product "Stormshield Network Security" and version " >= 4.0.0 < 4.3.16"		-		Affected
Stormshield Search vendor "Stormshield"		Stormshield Network Security Search vendor "Stormshield" for product "Stormshield Network Security"				>= 4.4.0 < 4.6.3 Search vendor "Stormshield" for product "Stormshield Network Security" and version " >= 4.4.0 < 4.6.3"		-		Affected