Bug 1215312 (CVE-2023-4421) - VUL-0: CVE-2023-4421: mozilla-nss: new tlsfuzzer code can still detect timing issues in RSA operations
Status: RESOLVED FIXED
Alias: CVE-2023-4421
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Mozilla Bugs
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/378126/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-4421:5.9:(AV:N...
 
Reported: 2023-09-13 13:38 UTC by Alexander Bergmann
Modified: 2023-10-11 09:14 UTC
Found By: Security Response Team


Description Alexander Bergmann 2023-09-13 13:38:28 UTC
CVE-2023-4421

This patch defeats Bleichenbacher by not trying to hide the size of the
decrypted text, but to hide if the text succeeded or failed. This is done
by generating a fake returned text that's based on the key and the cipher text,
so the fake data is always the same for the same key and cipher text. Both the
length and the plain text are generated with a prf.

References:
https://hg.mozilla.org/projects/nss/rev/fc05574c739947d615ab0b2b2b564f01c922eccd

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4421
https://bugzilla.redhat.com/show_bug.cgi?id=2238677
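
A minimal sketch of the implicit-rejection idea the description summarises, added here as an illustration and not taken from the NSS patch or written by the reporter. HMAC-SHA256 as the PRF, the labels, the `secret` parameter and the sample byte strings are all assumptions.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes, n: int) -> bytes:
    # Counter-mode HMAC-SHA256 expander: an assumed PRF, not NSS's construction.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(2, "big") + label, hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def parse_pkcs1_v15(em: bytes):
    # Valid block: 00 02 <at least 8 nonzero padding bytes> 00 <message>.
    if len(em) < 11 or em[0] != 0 or em[1] != 2:
        return None
    sep = em.find(b"\x00", 2)
    if sep < 10:  # -1 (no separator) or fewer than 8 padding bytes
        return None
    return em[sep + 1:]

def fake_plaintext(secret: bytes, ciphertext: bytes, k: int) -> bytes:
    # Per-ciphertext key: the same key and ciphertext always give the same fake.
    kdk = hmac.new(secret, ciphertext, hashlib.sha256).digest()
    # Both the length and the bytes come from the PRF (modulo bias ignored here).
    fake_len = int.from_bytes(prf(kdk, b"length", 2), "big") % (k - 10)
    return prf(kdk, b"message", k)[k - fake_len:]

def decrypt_implicit_rejection(secret: bytes, ciphertext: bytes, em: bytes) -> bytes:
    # em is the modulus-sized raw RSA result; secret stands in for key-derived material.
    fake = fake_plaintext(secret, ciphertext, len(em))  # always computed
    real = parse_pkcs1_v15(em)
    # Python cannot select in constant time; a native implementation would
    # choose between real and fake without a data-dependent branch.
    return fake if real is None else real

# Constructed sample values for a 64-byte toy modulus (no real RSA is performed).
SECRET = b"constructed-private-key-secret"
CT = bytes(range(64))
GOOD_EM = b"\x00\x02" + b"\xff" * 52 + b"\x00" + b"premaster"
BAD_EM = b"\x00\x01" + b"\xff" * 52 + b"\x00" + b"premaster"
SHORT_PAD_EM = b"\x00\x02" + b"\xff" * 7 + b"\x00" + b"x" * 54

if __name__ == "__main__":
    for name, em in [("good", GOOD_EM), ("bad", BAD_EM), ("short", SHORT_PAD_EM)]:
        print(name, decrypt_implicit_rejection(SECRET, CT, em).hex())
```

A caller that receives the fake plaintext fails later (for example at the TLS Finished check) in the same way as for any wrong premaster secret, so the padding check itself no longer gives a distinguishable answer.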
Comment 3 Martin Sirringhaus 2023-10-11 09:14:01 UTC
This was already committed in 2020, and only popped up again now because a CVE number was assigned for it very late.
All NSS versions we have in (open-)SUSE, including ESR, should already have the fix.