Bug 1215312 (CVE-2023-4421)

Summary: VUL-0: CVE-2023-4421: mozilla-nss: new tlsfuzzer code can still detect timing issues in RSA operations
Product: [Novell Products] SUSE Security Incidents
Reporter: Alexander Bergmann <abergmann>
Component: Incidents
Assignee: Mozilla Bugs <mozilla-bugs>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: martin.sirringhaus, meissner, mozilla-bugs, security-team, stoyan.manolov
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/378126/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-4421:5.9:(AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexander Bergmann 2023-09-13 13:38:28 UTC
CVE-2023-4421

This patch defeats Bleichenbacher by not trying to hide the size of the
decrypted text, but to hide if the text succeeded or failed. This is done
by generating a fake returned text that's based on the key and the cipher text,
so the fake data is always the same for the same key and cipher text. Both the
length and the plain text are generated with a prf.

References:
https://hg.mozilla.org/projects/nss/rev/fc05574c739947d615ab0b2b2b564f01c922eccd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4421
https://bugzilla.redhat.com/show_bug.cgi?id=2238677
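
The implicit-rejection idea in the description above, as an added Python example (not NSS code and not part of the original report): a PKCS#1 v1.5 decryption that returns a PRF-derived message of PRF-derived length when the padding is bad, so the caller sees no success/failure signal. The toy key, the HMAC-SHA256 counter-mode PRF, its labels and all function names are assumptions made for illustration; the constant-time selection that the timing issue is about cannot be shown in Python.

```python
import hashlib
import hmac

# Constructed toy key from two Mersenne primes; far too small and structured for real use.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes


def prf(key: bytes, label: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (simplified stand-in, not the NSS construction)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def unpad(em: bytes):
    """Return the message if em is 00 02 <at least 8 nonzero bytes> 00 <msg>, else None."""
    if em[0] != 0 or em[1] != 2:
        return None
    sep = em.find(b"\x00", 2)
    if sep < 10:                       # also covers sep == -1 (no separator)
        return None
    return em[sep + 1:]


def decrypt(ciphertext: bytes) -> bytes:
    """Never reports a padding failure: bad padding yields PRF-derived output."""
    c = int.from_bytes(ciphertext, "big")
    em = pow(c, D, N).to_bytes(K, "big")
    # The fake result depends only on the private key and the ciphertext, so it is stable.
    kdk = hmac.new(hashlib.sha256(D.to_bytes(K, "big")).digest(), ciphertext, hashlib.sha256).digest()
    fake_len = int.from_bytes(prf(kdk, b"length", 2), "big") % (K - 10)
    fake = prf(kdk, b"message", fake_len)
    real = unpad(em)
    # Real code must make this selection in constant time; this line only shows the logic.
    return fake if real is None else real


def encrypt(msg: bytes, block_type: int = 2) -> bytes:
    """Test helper with fixed (non-random) padding; block_type != 2 gives malformed padding."""
    em = bytes([0, block_type]) + b"\xff" * (K - 3 - len(msg)) + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")
```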

Comment 3 Martin Sirringhaus 2023-10-11 09:14:01 UTC
This was already committed in 2020 and only popped up again now because a CVE number was assigned to it very late.
All NSS versions we have in (open-)SUSE, including ESR, should already have the fix.