Bug 1218044 (CVE-2023-50781) - VUL-0: CVE-2023-50781: m2crypto: Bleichenbacher timing attacks in the RSA decryption API - incomplete fix
Summary: VUL-0: CVE-2023-50781: m2crypto: Bleichenbacher timing attacks in the RSA dec...
Status: RESOLVED WONTFIX
Alias: CVE-2023-50781
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/387938/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-50781:5.9:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-12-14 09:13 UTC by SMASH SMASH
Modified: 2024-05-15 14:30 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2023-12-14 09:13:38 UTC 
Description:
The fix for CVE-2020-25657 is not addressing the leakage in the RSA decryption. Because of the API design, the fix is generally not believed to be possible to be fully addressed. The issue can be mitigated by using a cryptographic backend that implements implicit rejection (Marvin workaround). Only applications that use RSA decryption with PKCS#1 v1.5 padding are affected.

References:
https://gitlab.com/m2crypto/m2crypto/-/issues/342
https://people.redhat.com/~hkario/marvin/
https://github.com/openssl/openssl/pull/13817
https://gitlab.com/m2crypto/m2crypto/-/issues/342

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50781
Comment 3 Marcus Meissner 2024-01-15 15:45:38 UTC 
Currently it looks like this is dependend on openssl fixing it , but openssl decided to only fix it in openssl 3.

So currently we will not address this in current products.
Comment 5 Matej Cepl 2024-02-16 20:31:14 UTC 
Actually, I should just suggest WONTFIX, using the same logic as in bug 1218043.