GoogleOSV:CVE-2023-25000

HistoryMar 30, 2023 - 1:15 a.m.

CVE-2023-25000

2023-03-3001:15:07

Google

osv.dev

cve-2023-25000

hashicorp vault

shamir's secret sharing

precomputed table lookups

cache-timing attacks

unseal operations

side channel

brute force

software

security vulnerability

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

HashiCorp Vault’s implementation of Shamir’s secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

CPENameOperatorVersion
vaulteq1.12.0
vaulteq1.12.3
vaulteq1.12.4
vaulteq1.12.1
vaulteq1.12.2

Name	Operator	Version
vault	eq	1.12.0
vault	eq	1.12.3
vault	eq	1.12.4
vault	eq	1.12.1
vault	eq	1.12.2

References

discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078

security.netapp.com/advisory/ntap-20230526-0008/