Vulnerabilities > CVE-2023-4421 - Information Exposure Through Discrepancy vulnerability in Mozilla NSS

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mozilla

CWE-203

NVD

Published: 2023-12-12

Updated: 2023-12-20

Summary

The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS < 3.61.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla NSS - Mozilla NSS 3.1 Mozilla NSS 3.1.1 Mozilla NSS 3.2 Mozilla NSS 3.2.1 Mozilla NSS 3.3 Mozilla NSS 3.3.1 Mozilla NSS 3.3.2 Mozilla NSS 3.4 Mozilla NSS 3.4.1 Mozilla NSS 3.4.2 Mozilla NSS 3.4.3 Mozilla NSS 3.6	13

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References