CVE-2023-6935
Vulnerability from cvelistv5
Published
2024-02-09 22:25
Modified
2024-08-02 08:42
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.  Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server’s private key is not exposed.
References
facts@wolfssl.comhttps://people.redhat.com/~hkario/marvin/Technical Description
facts@wolfssl.comhttps://www.wolfssl.com/docs/security-vulnerabilities/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://people.redhat.com/~hkario/marvin/Technical Description
af854a3a-2127-422b-91ae-364da2661108https://www.wolfssl.com/docs/security-vulnerabilities/Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6935",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-12T12:48:11.895530Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:17:16.476Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:42:08.533Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "technical-description",
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://people.redhat.com/~hkario/marvin/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "RSA"
          ],
          "product": "wolfSSL",
          "repo": "https://github.com/wolfSSL/wolfssl",
          "vendor": "wolfSSL",
          "versions": [
            {
              "lessThanOrEqual": "5.6.4",
              "status": "affected",
              "version": "3.12.2",
              "versionType": "release bundle"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To be vulnerable, static RSA cipher suites must be enabled with\u003cbr\u003e\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eCFLAGS=\"-DWOLFSSL_STATIC_RSA\"\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003eThese have been disabled by default since wolfSSL 3.6.6. The default configuration of wolfSSL is not vulnerable."
            }
          ],
          "value": "To be vulnerable, static RSA cipher suites must be enabled with\nCFLAGS=\"-DWOLFSSL_STATIC_RSA\"\n\nThese have been disabled by default since wolfSSL 3.6.6. The default configuration of wolfSSL is not vulnerable."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Hubert Kario"
        },
        {
          "lang": "en",
          "type": "tool",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "tlsfuzzer"
        }
      ],
      "datePublic": "2023-12-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBleichenbacher\u003c/span\u003e style attack, when built with the following options to configure:\u003cbr\u003e\u003cbr\u003e--enable-all CFLAGS=\"-DWOLFSSL_STATIC_RSA\"\u003cbr\u003e\u003cbr\u003eThe define \u201cWOLFSSL_STATIC_RSA\u201d enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.\u0026nbsp; Therefore the default build since 3.6.6, even with \"--enable-all\", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent.\u003cbr\u003e\u003cbr\u003eThe vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server\u2019s private key is not exposed.\u003cbr\u003e"
            }
          ],
          "value": "wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure:\n\n--enable-all CFLAGS=\"-DWOLFSSL_STATIC_RSA\"\n\nThe define \u201cWOLFSSL_STATIC_RSA\u201d enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.\u00a0 Therefore the default build since 3.6.6, even with \"--enable-all\", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent.\n\nThe vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server\u2019s private key is not exposed.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-463",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-463 Padding Oracle Crypto Attack"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203 Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-09T22:25:04.663Z",
        "orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
        "shortName": "wolfSSL"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "third-party-advisory"
          ],
          "url": "https://people.redhat.com/~hkario/marvin/"
        },
        {
          "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade wolfSSL to 5.6.6"
            }
          ],
          "value": "Upgrade wolfSSL to 5.6.6"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Marvin Attack vulnerability in SP Math All RSA",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cul\u003e\u003cli\u003eDo not enable static RSA cipher suites\u003c/li\u003e\u003cli\u003eUse TLS 1.3\u003c/li\u003e\u003cli\u003eBuild with --enable-sp, or --enable-sp-asm\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "  *  Do not enable static RSA cipher suites\n  *  Use TLS 1.3\n  *  Build with --enable-sp, or --enable-sp-asm\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
    "assignerShortName": "wolfSSL",
    "cveId": "CVE-2023-6935",
    "datePublished": "2024-02-09T22:25:04.663Z",
    "dateReserved": "2023-12-18T22:00:54.166Z",
    "dateUpdated": "2024-08-02T08:42:08.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-6935\",\"sourceIdentifier\":\"facts@wolfssl.com\",\"published\":\"2024-02-09T23:15:08.030\",\"lastModified\":\"2024-11-21T08:44:52.217\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure:\\n\\n--enable-all CFLAGS=\\\"-DWOLFSSL_STATIC_RSA\\\"\\n\\nThe define \u201cWOLFSSL_STATIC_RSA\u201d enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.\u00a0 Therefore the default build since 3.6.6, even with \\\"--enable-all\\\", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent.\\n\\nThe vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server\u2019s private key is not exposed.\\n\"},{\"lang\":\"es\",\"value\":\"wolfSSL SP Math Toda la implementaci\u00f3n de RSA es vulnerable al ataque Marvin, una nueva variaci\u00f3n de un ataque de sincronizaci\u00f3n de estilo Bleichenbacher, cuando se construye con las siguientes opciones para configurar: --enable-all CFLAGS=\\\"-DWOLFSSL_STATIC_RSA\\\" La definici\u00f3n \\\"WOLFSSL_STATIC_RSA\\\" habilita RSA est\u00e1tico conjuntos de cifrado, que no se recomienda y ha estado deshabilitado de forma predeterminada desde wolfSSL 3.6.6. Por lo tanto, la compilaci\u00f3n predeterminada desde 3.6.6, incluso con \\\"--enable-all\\\", no es vulnerable al ataque Marvin. La vulnerabilidad es espec\u00edfica de los conjuntos de cifrado RSA est\u00e1ticos y se espera que sea independiente del relleno. La vulnerabilidad permite a un atacante descifrar textos cifrados y falsificar firmas despu\u00e9s de realizar una gran cantidad de observaciones de prueba. Sin embargo, la clave privada del servidor no est\u00e1 expuesta.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"facts@wolfssl.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"facts@wolfssl.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.12.2\",\"versionEndIncluding\":\"5.6.4\",\"matchCriteriaId\":\"814E3645-BD7D-48A3-8D8D-4587FBBA2AD3\"}]}]}],\"references\":[{\"url\":\"https://people.redhat.com/~hkario/marvin/\",\"source\":\"facts@wolfssl.com\",\"tags\":[\"Technical Description\"]},{\"url\":\"https://www.wolfssl.com/docs/security-vulnerabilities/\",\"source\":\"facts@wolfssl.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://people.redhat.com/~hkario/marvin/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\"]},{\"url\":\"https://www.wolfssl.com/docs/security-vulnerabilities/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.