GO-2023-2375

See a problem?

Source

https://pkg.go.dev/vuln/GO-2023-2375

Import Source

https://vuln.go.dev/ID/GO-2023-2375.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2023-2375

Aliases

Published

2023-12-05T16:16:44Z

Modified

2024-05-20T16:03:47Z

Summary

Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel

Details

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits.

In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.

References

Affected packages

Go / stdlib

Package

Name: stdlib; View open source insights on deps.dev
Purl: pkg:golang/stdlib

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.20.0

Ecosystem specific

{
    "imports": [
        {
            "path": "crypto/tls",
            "symbols": [
                "Conn.Handshake",
                "Conn.HandshakeContext",
                "Conn.Read",
                "Conn.Write",
                "Dial",
                "DialWithDialer",
                "Dialer.Dial",
                "Dialer.DialContext",
                "rsaKeyAgreement.generateClientKeyExchange",
                "rsaKeyAgreement.processClientKeyExchange"
            ]
        }
    ]
}