
Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug
2023-02-13 19:59

Along with those memory bugs, we also reported on a bug dubbed CVE-2022-4304: Timing Oracle in RSA Decryption.

In other words, so-called timing attacks of this sort are always troublesome, even if you might need to send millions of bogus packets and time them all to have any chance at all.

Similar "Oracle" bug in GnuTLS

Well, the same person who reported the fixed-at-last timing bug in OpenSSL also reported a similar bug in GnuTLS at about the same time.

Ironically, the timing flaw in GnuTLS appeared in code that was supposed to log timing attack errors in the first place.

As you can see from the code difference below, the programmer was aware that any conditional operation used in checking and dealing with a decryption error might produce timing variations, because CPUs generally take a different amount of time depending on which way your code goes after a "Branch" instruction.

Therefore the coder inserted a matching call to _gnutls_no_log(), which pretends to log an "Attack" when there isn't one, in order to try to even up the time that the code spends in either direction that the if branch instruction can take.
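The balanced-branch pattern described above, next to a branch-free mask select, as an added example that is not code from GnuTLS, OpenSSL or the original article. The names debug_log, no_log, pick_branchy and pick_masked and the sample bytes are hypothetical, and the example assumes the failure path substitutes a fallback value for the decrypted one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for a real logger and its "do nothing" twin. */
static char sink[64];
static void debug_log(const char *msg) { snprintf(sink, sizeof sink, "%s", msg); }
static void no_log(const char *msg) { (void)msg; }

/* Pattern from the text: branch on the secret-dependent result `ok`, with a
 * dummy call meant to even out the two paths. The arms still run different
 * code (an optimizer may drop no_log entirely), so their timing can differ. */
void pick_branchy(int ok, uint8_t *out, const uint8_t *plain,
                  const uint8_t *fallback, size_t n)
{
    if (ok) {
        no_log("possible attack");
        memcpy(out, plain, n);
    } else {
        debug_log("possible attack");
        memcpy(out, fallback, n);
    }
}

/* Branch-free alternative: the source has no branch on `ok`, and both
 * buffers are read for either outcome. `ok` must be 0 or 1. */
void pick_masked(int ok, uint8_t *out, const uint8_t *plain,
                 const uint8_t *fallback, size_t n)
{
    uint8_t mask = (uint8_t)(0u - (unsigned)(ok & 1)); /* 0xFF or 0x00 */
    for (size_t i = 0; i < n; i++)
        out[i] = (uint8_t)((plain[i] & mask) | (fallback[i] & (uint8_t)~mask));
}

/* Returns 1 if both versions agree and select the expected source. */
int demo_agree(int ok)
{
    const uint8_t plain[4] = {0x03, 0x03, 0xAA, 0xBB};    /* constructed */
    const uint8_t fallback[4] = {0x11, 0x22, 0x33, 0x44}; /* constructed */
    uint8_t a[4], b[4];
    pick_branchy(ok, a, plain, fallback, sizeof a);
    pick_masked(ok, b, plain, fallback, sizeof b);
    return memcmp(a, b, sizeof a) == 0 &&
           memcmp(b, ok ? plain : fallback, sizeof b) == 0;
}

int main(void) { printf("%d %d\n", demo_agree(1), demo_agree(0)); return 0; }
```

Both functions produce the same bytes; only the masked one avoids taking a different code path per outcome, and the compiled output should still be inspected to confirm the compiler kept it branch-free.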


News URL

https://nakedsecurity.sophos.com/2023/02/13/serious-security-gnutls-follows-openssl-fixes-timing-attack-bug/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-08 | CVE-2022-4304 | Information Exposure Through Discrepancy vulnerability in multiple products. A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. (network; high complexity; openssl, stormshield; CWE-203) | 5.9 |

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Openssl | | 2 | 12 | 97 | 52 | 17 | 178 |