Bug 1218044 (CVE-2023-50781)

Summary: VUL-0: CVE-2023-50781: m2crypto: Bleichenbacher timing attacks in the RSA decryption API - incomplete fix
Product: [Novell Products] SUSE Security Incidents
Reporter: SMASH SMASH <smash_bz>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED WONTFIX
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: andrea.mattiazzo, camila.matos, mcepl, meissner, python-maintainers, stoyan.manolov
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/387938/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-50781:5.9:(AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description SMASH SMASH 2023-12-14 09:13:38 UTC
Description:
The fix for CVE-2020-25657 does not address the leakage in RSA decryption. Because of the API design, the issue is generally not believed to be fully fixable. It can be mitigated by using a cryptographic backend that implements implicit rejection (the Marvin workaround). Only applications that use RSA decryption with PKCS#1 v1.5 padding are affected.
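To make the mitigation named above concrete, here is an added illustration (it is not code from m2crypto, OpenSSL or this report) of RSA PKCS#1 v1.5 decryption in two variants: the classic explicit-rejection API, which raises on a bad padding block, and an implicit-rejection API, which on a bad block returns a synthetic plaintext derived deterministically from the private key and the ciphertext instead of signalling failure. The 512-bit demo key, the SHAKE-based derivation of the synthetic message and its length, and the sample plaintext are constructed assumptions; a production backend such as the one in the linked OpenSSL pull request implements the same decision in constant-time C, which this Python cannot guarantee.

```python
# Added illustration (not m2crypto or OpenSSL code): RSA PKCS#1 v1.5 decryption
# with explicit rejection beside implicit rejection. Key size, the SHAKE-based
# synthetic-message derivation and the demo plaintext are assumptions, and
# Python is not constant time: this shows the decision logic only.
import hashlib
import secrets

def is_probable_prime(n, small=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31)):
    """Miller-Rabin with 32 random bases; adequate for a demo key."""
    if n < 2 or any(n % p == 0 for p in small):
        return n in small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(32):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_key(bits=512, e=65537):
    """Return ((n, e), (n, d)) for a demo-sized key."""
    def prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if is_probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and phi % e:
            return (n, e), (n, pow(e, -1, phi))

def encrypt_v15(pub, msg):
    """EM = 00 || 02 || PS (>= 8 non-zero bytes) || 00 || M, then raw RSA."""
    n, e = pub
    k = (n.bit_length() + 7) // 8
    if len(msg) > k - 11:
        raise ValueError("message too long")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(k - 3 - len(msg)))
    return pow(int.from_bytes(b"\x00\x02" + ps + b"\x00" + msg, "big"), e, n).to_bytes(k, "big")

def _rsa_private(priv, ct):
    n, d = priv
    k = (n.bit_length() + 7) // 8
    if len(ct) != k or int.from_bytes(ct, "big") >= n:
        raise ValueError("ciphertext out of range")  # decided on public data only
    return pow(int.from_bytes(ct, "big"), d, n).to_bytes(k, "big")

def _unpad_v15(em):
    """Evaluate every padding condition without early exit; return (ok, message)."""
    sep = -1
    for i in range(2, len(em)):
        if em[i] == 0 and sep < 0:
            sep = i
    ok = em[0] == 0 and em[1] == 2 and sep >= 10  # >= 8 bytes of PS before the 00
    return ok, (em[sep + 1:] if sep >= 0 else b"")

def decrypt_explicit(priv, ct):
    """Classic API: the padding error it raises is the oracle Bleichenbacher/Marvin rely on."""
    ok, msg = _unpad_v15(_rsa_private(priv, ct))
    if not ok:
        raise ValueError("PKCS#1 v1.5 padding check failed")
    return msg

def _synthetic_message(priv, ct, k):
    """Stand-in plaintext for an invalid ciphertext, derived from (private key,
    ciphertext) so repeated queries see identical bytes; length is in 0..k-11."""
    stream = hashlib.shake_256(priv[1].to_bytes(k, "big") + ct).digest(k + 2)
    length = int.from_bytes(stream[:2], "big") % (k - 10)
    return stream[2:2 + length]

def decrypt_implicit(priv, ct):
    """Implicit rejection: the caller never learns whether the padding was valid."""
    em = _rsa_private(priv, ct)
    ok, msg = _unpad_v15(em)
    synth = _synthetic_message(priv, ct, len(em))  # computed on every call
    return msg if ok else synth

def demo():
    """Round-trip a constructed plaintext, then hand both APIs a block with the
    wrong block type (0x01) and report how each behaves."""
    pub, priv = gen_key(512)
    n, e = pub
    k = (n.bit_length() + 7) // 8
    msg = b"constructed session key 0123"
    ct = encrypt_v15(pub, msg)
    bad_em = b"\x00\x01" + b"\xff" * (k - 3) + b"\x00"
    bad_ct = pow(int.from_bytes(bad_em, "big"), e, n).to_bytes(k, "big")
    try:
        decrypt_explicit(priv, bad_ct)
        explicit_raised = False
    except ValueError:
        explicit_raised = True
    s1, s2 = decrypt_implicit(priv, bad_ct), decrypt_implicit(priv, bad_ct)
    return {"roundtrip": decrypt_explicit(priv, ct) == msg == decrypt_implicit(priv, ct),
            "explicit_raised": explicit_raised,
            "implicit_stable": s1 == s2 and len(s1) <= k - 11}
```

The point the report makes about API design shows up in `decrypt_explicit`: an interface whose contract is "raise on bad padding" cannot hide the padding result from the caller, so no fix inside the library can remove the oracle. `decrypt_implicit` changes the contract instead, always returning a plaintext of plausible length, which is why the workaround has to live in the backend rather than in the m2crypto wrapper.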

References:
https://gitlab.com/m2crypto/m2crypto/-/issues/342
https://people.redhat.com/~hkario/marvin/
https://github.com/openssl/openssl/pull/13817

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50781
Comment 3 Marcus Meissner 2024-01-15 15:45:38 UTC
Currently it looks like this is dependent on openssl fixing it, but openssl decided to only fix it in openssl 3.

So currently we will not address this in current products.
Comment 5 Matej Cepl 2024-02-16 20:31:14 UTC
Actually, I should just suggest WONTFIX, using the same logic as in bug 1218043.