[GO-2023-2375] Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel
Severity
High
Affected Packages
1
Fixed Packages
1
CVEs
1
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which
is not constant time. RSA blinding was applied to prevent timing attacks, but
analysis shows this may not have been fully effective. In particular it appears
as if the removal of PKCS#1 padding may leak timing information, which in turn
could be used to recover session key bits.
In Go 1.20, the crypto/tls library switched to a fully constant time RSA
implementation, which we do not believe exhibits any timing side channels.
Package | Affected Version |
---|---|
pkg:golang/crypto/tls | >= 1.19.0, < 1.20.0 |
Package | Fixed Version |
---|---|
pkg:golang/crypto/tls | = 1.20.0 |
- ID
- GO-2023-2375
- Severity
- high
- Severity from
- CVE-2023-45287
- URL
- https://pkg.go.dev/vuln/GO-2023-2375
- Published
-
2023-12-04T21:22:28
(9 months ago) - Modified
-
2024-05-14T19:19:00
(4 months ago) - Other Advisories
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |