A timing based side channel exists in the OpenSSL RSA Decryption implementation
which could be sufficient to recover a plaintext across a network in a
Bleichenbacher style attack. To achieve a successful decryption an attacker
would have to be able to send a very large number of trial messages for
decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,
RSA-OEAP and RSASVE.

For example, in a TLS connection, RSA is commonly used by a client to send an
encrypted pre-master secret to the server. An attacker that had observed a
genuine connection between a client and a server could use this flaw to send
trial messages to the server and record the time taken to process them. After a
sufficiently large number of messages the attacker could recover the pre-master
secret used for the original connection and thus be able to decrypt the
application data sent over that connection.

CPENameOperatorVersion
openssl-srclt300.0.12
openssl-srclt111.25.0
openssl-srcge300.0.0

Name	Operator	Version
openssl-src	lt	300.0.12
openssl-src	lt	111.25.0
openssl-src	ge	300.0.0

References

crates.io/crates/openssl-src

rustsec.org/advisories/RUSTSEC-2023-0007.html

www.openssl.org/news/secadv/20230207.txt

nessus 63

ubuntucve 1

cbl_mariner 6

openvas 38

cve 1

ibm 31

redhatcve 1

osv 6

prion 1

alpinelinux 1

debiancve 1

github 1

cvelist 1

hackerone 1

openssl 1

rustsec 1

f5 1

veracode 1

ics 5

githubexploit 1

wolfi 1

cgr 1

redhat 7

amazon 3

altlinux 2

almalinux 3

oraclelinux 9

freebsd 1

redos 1

rocky 1

fedora 2

slackware 1

freebsd_advisory 1

debian 2

ubuntu 1

nessus

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2023:2622-1)

2023-06-25 00:00:00

SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2023:2624-1)

2023-06-26 00:00:00

Siemens SCALANCE W1750D Devices Inadequate Encryption Strength (CVE-2022-4304)

2023-12-19 00:00:00

ubuntucve

CVE-2022-4304

2023-02-07 00:00:00

cbl_mariner

CVE-2022-4304 affecting package cloud-hypervisor 22.0-2

2024-05-17 09:07:12

CVE-2022-4304 affecting package rust for versions less than 1.72.0-2

2023-10-11 01:41:59

CVE-2022-4304 affecting package openssl for versions less than 1.1.1k-21

2023-02-14 20:36:09

openvas

SUSE: Security Advisory (SUSE-SU-2023:2622-1)

2023-06-26 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:2633-1)

2024-02-28 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:0584-1)

2023-03-28 00:00:00

cve

CVE-2022-4304

2023-02-08 20:15:00

ibm

Security Bulletin: IBM Elastic Storage System is affected by a vulnerability in OpenSSL (CVE-2022-4304)

2023-08-24 06:11:51

Security Bulletin: IBM Events Operator is affected by an openssl vulnerability

2023-09-25 14:36:07

Security Bulletin: IBM Aspera Faspex 5.0.5 has addressed CVE-2022-4304

2023-04-03 20:05:38

redhatcve

CVE-2022-4304

2023-02-07 17:27:55

osv

openssl-src subject to Timing Oracle in RSA Decryption

2023-02-08 22:31:42

CVE-2022-4304

2023-02-08 20:15:23

Important: edk2 security update

2023-05-16 00:00:00

prion

Design/Logic Flaw

2023-02-08 20:15:00

alpinelinux

CVE-2022-4304

2023-02-08 20:15:00

debiancve

CVE-2022-4304

2023-02-08 20:15:00

github

openssl-src subject to Timing Oracle in RSA Decryption

2023-02-08 22:31:42

cvelist

CVE-2022-4304 Timing Oracle in RSA Decryption

2023-02-08 19:04:28

hackerone

Internet Bug Bounty: OpenSSL vulnerable to the Marvin Attack (CVE-2022-4304)

2023-12-02 23:45:28

openssl

Vulnerability in OpenSSL CVE-2022-4304

2023-02-07 00:00:00

rustsec

Timing Oracle in RSA Decryption

2023-02-07 12:00:00

K000132943 : OpenSSL vulnerability CVE-2022-4304

2023-03-13 00:00:00

veracode

Timing Attack

2023-02-10 13:05:03

ics

Siemens OpenSSL RSA Decryption in SIMATIC

2023-08-10 12:00:00

Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch

2023-10-05 12:00:00

Mitsubishi Electric Factory Automation Products

2024-01-04 12:00:00

githubexploit

Exploit for Observable Discrepancy in Openssl

2023-04-24 07:15:33

wolfi

CVE-2022-4304 vulnerabilities

2024-05-17 16:29:45

cgr

CVE-2022-4304 vulnerabilities

2024-05-17 15:41:37

redhat

(RHSA-2023:3408) Moderate: openssl security update

2023-05-31 18:25:53

(RHSA-2023:4128) Important: edk2 security update

2023-07-18 07:19:33

(RHSA-2023:1405) Important: openssl security update

2023-03-22 10:18:26

amazon

Important: openssl

2023-02-03 23:39:00

Important: openssl

2023-02-03 19:19:00

Important: openssl11

2023-02-03 19:19:00

altlinux

Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1t-alt1

2023-02-10 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1t-alt1

2023-02-20 00:00:00

almalinux

Important: edk2 security update

2023-05-16 00:00:00

Important: openssl security update

2023-03-22 00:00:00

Important: edk2 security, bug fix, and enhancement update

2023-05-09 00:00:00

oraclelinux

edk2 security update

2023-12-07 00:00:00

edk2 security update

2023-05-24 00:00:00

edk2 security update

2023-12-07 00:00:00

freebsd

FreeBSD -- Multiple vulnerabilities in OpenSSL

2023-02-16 00:00:00

redos

ROS-20230418-05

2023-04-18 00:00:00

rocky

openssl security update

2023-03-28 13:07:30

fedora

[SECURITY] Fedora 37 Update: edk2-20221117gitfff6d81270b5-13.fc37

2023-02-16 02:06:48

[SECURITY] Fedora 36 Update: edk2-20221117gitfff6d81270b5-14.fc36

2023-03-05 00:54:06

slackware

[slackware-security] openssl

2023-02-07 20:57:57

freebsd_advisory

FreeBSD-SA-23:03.openssl

2023-02-16 00:00:00

debian

[SECURITY] [DSA 5343-1] openssl security update

2023-02-07 21:05:48

[SECURITY] [DLA 3325-1] openssl security update

2023-02-20 11:11:44

ubuntu

Node.js vulnerabilities

2024-01-03 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

0.002 Low

EPSS

Percentile

52.0%

JSON

Related for OSV:RUSTSEC-2023-0007