OpenCVE

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server’s private key is not exposed.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wolfssl	Wolfssl

Configuration 1 [-]

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://people.redhat.com/~hkario/marvin/
https://www.wolfssl.com/docs/security-vulnerabilities/

History

Thu, 07 Nov 2024 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wolfssl Wolfssl wolfssl
CPEs		cpe:2.3:a:wolfssl:wolfssl::::::::
Vendors & Products		Wolfssl Wolfssl wolfssl

MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published: 2024-02-09T22:25:04.663Z

Updated: 2024-08-02T08:42:08.533Z

Reserved: 2023-12-18T22:00:54.166Z

Link: CVE-2023-6935

Vulnrichment

Updated: 2024-08-02T08:42:08.533Z

NVD

Status : Analyzed

Published: 2024-02-09T23:15:08.030

Modified: 2024-11-07T20:41:30.957

Link: CVE-2023-6935

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6935", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "state": "PUBLISHED", "assignerShortName": "wolfSSL", "dateReserved": "2023-12-18T22:00:54.166Z", "datePublished": "2024-02-09T22:25:04.663Z", "dateUpdated": "2024-08-02T08:42:08.533Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["RSA"], "product": "wolfSSL", "repo": "https://github.com/wolfSSL/wolfssl", "vendor": "wolfSSL", "versions": [{"lessThanOrEqual": "5.6.4", "status": "affected", "version": "3.12.2", "versionType": "release bundle"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "To be vulnerable, static RSA cipher suites must be enabled with<br><b><span style=\"background-color: transparent;\">CFLAGS=\"-DWOLFSSL_STATIC_RSA\"</span></b><br><br>These have been disabled by default since wolfSSL 3.6.6. The default configuration of wolfSSL is not vulnerable."}], "value": "To be vulnerable, static RSA cipher suites must be enabled with\nCFLAGS=\"-DWOLFSSL_STATIC_RSA\"\n\nThese have been disabled by default since wolfSSL 3.6.6. The default configuration of wolfSSL is not vulnerable."}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hubert Kario"}, {"lang": "en", "type": "tool", "user": "00000000-0000-4000-9000-000000000000", "value": "tlsfuzzer"}], "datePublic": "2023-12-20T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing <span style=\"background-color: rgb(255, 255, 255);\">Bleichenbacher</span> style attack, when built with the following options to configure:<br><br>--enable-all CFLAGS=\"-DWOLFSSL_STATIC_RSA\"<br><br>The define \u201cWOLFSSL_STATIC_RSA\u201d enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.  Therefore the default build since 3.6.6, even with \"--enable-all\", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent.<br><br>The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server\u2019s private key is not exposed.<br>"}], "value": "wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure:\n\n--enable-all CFLAGS=\"-DWOLFSSL_STATIC_RSA\"\n\nThe define \u201cWOLFSSL_STATIC_RSA\u201d enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.\u00a0 Therefore the default build since 3.6.6, even with \"--enable-all\", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent.\n\nThe vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server\u2019s private key is not exposed.\n"}], "impacts": [{"capecId": "CAPEC-463", "descriptions": [{"lang": "en", "value": "CAPEC-463 Padding Oracle Crypto Attack"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2024-02-09T22:25:04.663Z"}, "references": [{"tags": ["technical-description", "third-party-advisory"], "url": "https://people.redhat.com/~hkario/marvin/"}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade wolfSSL to 5.6.6"}], "value": "Upgrade wolfSSL to 5.6.6"}], "source": {"discovery": "EXTERNAL"}, "title": "Marvin Attack vulnerability in SP Math All RSA", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<ul><li>Do not enable static RSA cipher suites</li><li>Use TLS 1.3</li><li>Build with --enable-sp, or --enable-sp-asm</li></ul>"}], "value": " * Do not enable static RSA cipher suites\n * Use TLS 1.3\n * Build with --enable-sp, or --enable-sp-asm\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6935", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-12T12:48:11.895530Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:17:16.476Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.533Z"}, "title": "CVE Program Container", "references": [{"tags": ["technical-description", "third-party-advisory", "x_transferred"], "url": "https://people.redhat.com/~hkario/marvin/"}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://people.redhat.com/~hkario/marvin/", "tags": ["technical-description", "third-party-advisory", "x_transferred"]}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.533Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6935", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-12T12:48:11.895530Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:11.084Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Marvin Attack vulnerability in SP Math All RSA", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hubert Kario"}, {"lang": "en", "type": "tool", "user": "00000000-0000-4000-9000-000000000000", "value": "tlsfuzzer"}], "impacts": [{"capecId": "CAPEC-463", "descriptions": [{"lang": "en", "value": "CAPEC-463 Padding Oracle Crypto Attack"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/wolfSSL/wolfssl", "vendor": "wolfSSL", "modules": ["RSA"], "product": "wolfSSL", "versions": [{"status": "affected", "version": "3.12.2", "versionType": "release bundle", "lessThanOrEqual": "5.6.4"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade wolfSSL to 5.6.6", "supportingMedia": [{"type": "text/html", "value": "Upgrade wolfSSL to 5.6.6", "base64": false}]}], "datePublic": "2023-12-20T00:00:00.000Z", "references": [{"url": "https://people.redhat.com/~hkario/marvin/", "tags": ["technical-description", "third-party-advisory"]}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}], "workarounds": [{"lang": "en", "value": " * Do not enable static RSA cipher suites\n * Use TLS 1.3\n * Build with --enable-sp, or --enable-sp-asm\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<ul><li>Do not enable static RSA cipher suites</li><li>Use TLS 1.3</li><li>Build with --enable-sp, or --enable-sp-asm</li></ul>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure:\n\n--enable-all CFLAGS=\"-DWOLFSSL_STATIC_RSA\"\n\nThe define \u201cWOLFSSL_STATIC_RSA\u201d enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.\u00a0 Therefore the default build since 3.6.6, even with \"--enable-all\", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent.\n\nThe vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server\u2019s private key is not exposed.\n", "supportingMedia": [{"type": "text/html", "value": "wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing <span style=\"background-color: rgb(255, 255, 255);\">Bleichenbacher</span> style attack, when built with the following options to configure:<br><br>--enable-all CFLAGS=\"-DWOLFSSL_STATIC_RSA\"<br><br>The define \u201cWOLFSSL_STATIC_RSA\u201d enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.  Therefore the default build since 3.6.6, even with \"--enable-all\", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent.<br><br>The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server\u2019s private key is not exposed.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy"}]}], "configurations": [{"lang": "en", "value": "To be vulnerable, static RSA cipher suites must be enabled with\nCFLAGS=\"-DWOLFSSL_STATIC_RSA\"\n\nThese have been disabled by default since wolfSSL 3.6.6. The default configuration of wolfSSL is not vulnerable.", "supportingMedia": [{"type": "text/html", "value": "To be vulnerable, static RSA cipher suites must be enabled with<br><b><span style=\"background-color: transparent;\">CFLAGS=\"-DWOLFSSL_STATIC_RSA\"</span></b><br><br>These have been disabled by default since wolfSSL 3.6.6. The default configuration of wolfSSL is not vulnerable.", "base64": false}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2024-02-09T22:25:04.663Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6935", "state": "PUBLISHED", "dateUpdated": "2024-08-02T08:42:08.533Z", "dateReserved": "2023-12-18T22:00:54.166Z", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "datePublished": "2024-02-09T22:25:04.663Z", "assignerShortName": "wolfSSL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "814E3645-BD7D-48A3-8D8D-4587FBBA2AD3", "versionEndIncluding": "5.6.4", "versionStartIncluding": "3.12.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure:\n\n--enable-all CFLAGS=\"-DWOLFSSL_STATIC_RSA\"\n\nThe define \u201cWOLFSSL_STATIC_RSA\u201d enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.\u00a0 Therefore the default build since 3.6.6, even with \"--enable-all\", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent.\n\nThe vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server\u2019s private key is not exposed.\n"}, {"lang": "es", "value": "wolfSSL SP Math Toda la implementaci\u00f3n de RSA es vulnerable al ataque Marvin, una nueva variaci\u00f3n de un ataque de sincronizaci\u00f3n de estilo Bleichenbacher, cuando se construye con las siguientes opciones para configurar: --enable-all CFLAGS=\"-DWOLFSSL_STATIC_RSA\" La definici\u00f3n \"WOLFSSL_STATIC_RSA\" habilita RSA est\u00e1tico conjuntos de cifrado, que no se recomienda y ha estado deshabilitado de forma predeterminada desde wolfSSL 3.6.6. Por lo tanto, la compilaci\u00f3n predeterminada desde 3.6.6, incluso con \"--enable-all\", no es vulnerable al ataque Marvin. La vulnerabilidad es espec\u00edfica de los conjuntos de cifrado RSA est\u00e1ticos y se espera que sea independiente del relleno. La vulnerabilidad permite a un atacante descifrar textos cifrados y falsificar firmas despu\u00e9s de realizar una gran cantidad de observaciones de prueba. Sin embargo, la clave privada del servidor no est\u00e1 expuesta."}], "id": "CVE-2023-6935", "lastModified": "2024-11-07T20:41:30.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "facts@wolfssl.com", "type": "Secondary"}]}, "published": "2024-02-09T23:15:08.030", "references": [{"source": "facts@wolfssl.com", "tags": ["Technical Description"], "url": "https://people.redhat.com/~hkario/marvin/"}, {"source": "facts@wolfssl.com", "tags": ["Vendor Advisory"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}], "sourceIdentifier": "facts@wolfssl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "facts@wolfssl.com", "type": "Secondary"}]}