{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6935", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "state": "PUBLISHED", "assignerShortName": "wolfSSL", "dateReserved": "2023-12-18T22:00:54.166Z", "datePublished": "2024-02-09T22:25:04.663Z", "dateUpdated": "2024-08-02T08:42:08.533Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["RSA"], "product": "wolfSSL", "repo": "https://github.com/wolfSSL/wolfssl", "vendor": "wolfSSL", "versions": [{"lessThanOrEqual": "5.6.4", "status": "affected", "version": "3.12.2", "versionType": "release bundle"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "To be vulnerable, static RSA cipher suites must be enabled with<br><b><span style=\"background-color: transparent;\">CFLAGS=\"-DWOLFSSL_STATIC_RSA\"</span></b><br><br>These have been disabled by default since wolfSSL 3.6.6. The default configuration of wolfSSL is not vulnerable."}], "value": "To be vulnerable, static RSA cipher suites must be enabled with\nCFLAGS=\"-DWOLFSSL_STATIC_RSA\"\n\nThese have been disabled by default since wolfSSL 3.6.6. The default configuration of wolfSSL is not vulnerable."}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hubert Kario"}, {"lang": "en", "type": "tool", "user": "00000000-0000-4000-9000-000000000000", "value": "tlsfuzzer"}], "datePublic": "2023-12-20T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing <span style=\"background-color: rgb(255, 255, 255);\">Bleichenbacher</span> style attack, when built with the following options to configure:<br><br>--enable-all CFLAGS=\"-DWOLFSSL_STATIC_RSA\"<br><br>The define \u201cWOLFSSL_STATIC_RSA\u201d enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.&nbsp; Therefore the default build since 3.6.6, even with \"--enable-all\", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent.<br><br>The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server\u2019s private key is not exposed.<br>"}], "value": "wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure:\n\n--enable-all CFLAGS=\"-DWOLFSSL_STATIC_RSA\"\n\nThe define \u201cWOLFSSL_STATIC_RSA\u201d enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.\u00a0 Therefore the default build since 3.6.6, even with \"--enable-all\", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent.\n\nThe vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server\u2019s private key is not exposed.\n"}], "impacts": [{"capecId": "CAPEC-463", "descriptions": [{"lang": "en", "value": "CAPEC-463 Padding Oracle Crypto Attack"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2024-02-09T22:25:04.663Z"}, "references": [{"tags": ["technical-description", "third-party-advisory"], "url": "https://people.redhat.com/~hkario/marvin/"}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade wolfSSL to 5.6.6"}], "value": "Upgrade wolfSSL to 5.6.6"}], "source": {"discovery": "EXTERNAL"}, "title": "Marvin Attack vulnerability in SP Math All RSA", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<ul><li>Do not enable static RSA cipher suites</li><li>Use TLS 1.3</li><li>Build with --enable-sp, or --enable-sp-asm</li></ul>"}], "value": "  *  Do not enable static RSA cipher suites\n  *  Use TLS 1.3\n  *  Build with --enable-sp, or --enable-sp-asm\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6935", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-12T12:48:11.895530Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:17:16.476Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.533Z"}, "title": "CVE Program Container", "references": [{"tags": ["technical-description", "third-party-advisory", "x_transferred"], "url": "https://people.redhat.com/~hkario/marvin/"}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://people.redhat.com/~hkario/marvin/", "tags": ["technical-description", "third-party-advisory", "x_transferred"]}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.533Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6935", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-12T12:48:11.895530Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:11.084Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Marvin Attack vulnerability in SP Math All RSA", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hubert Kario"}, {"lang": "en", "type": "tool", "user": "00000000-0000-4000-9000-000000000000", "value": "tlsfuzzer"}], "impacts": [{"capecId": "CAPEC-463", "descriptions": [{"lang": "en", "value": "CAPEC-463 Padding Oracle Crypto Attack"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/wolfSSL/wolfssl", "vendor": "wolfSSL", "modules": ["RSA"], "product": "wolfSSL", "versions": [{"status": "affected", "version": "3.12.2", "versionType": "release bundle", "lessThanOrEqual": "5.6.4"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade wolfSSL to 5.6.6", "supportingMedia": [{"type": "text/html", "value": "Upgrade wolfSSL to 5.6.6", "base64": false}]}], "datePublic": "2023-12-20T00:00:00.000Z", "references": [{"url": "https://people.redhat.com/~hkario/marvin/", "tags": ["technical-description", "third-party-advisory"]}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}], "workarounds": [{"lang": "en", "value": "  *  Do not enable static RSA cipher suites\n  *  Use TLS 1.3\n  *  Build with --enable-sp, or --enable-sp-asm\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<ul><li>Do not enable static RSA cipher suites</li><li>Use TLS 1.3</li><li>Build with --enable-sp, or --enable-sp-asm</li></ul>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure:\n\n--enable-all CFLAGS=\"-DWOLFSSL_STATIC_RSA\"\n\nThe define \u201cWOLFSSL_STATIC_RSA\u201d enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.\u00a0 Therefore the default build since 3.6.6, even with \"--enable-all\", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent.\n\nThe vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server\u2019s private key is not exposed.\n", "supportingMedia": [{"type": "text/html", "value": "wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing <span style=\"background-color: rgb(255, 255, 255);\">Bleichenbacher</span> style attack, when built with the following options to configure:<br><br>--enable-all CFLAGS=\"-DWOLFSSL_STATIC_RSA\"<br><br>The define \u201cWOLFSSL_STATIC_RSA\u201d enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.&nbsp; Therefore the default build since 3.6.6, even with \"--enable-all\", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent.<br><br>The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server\u2019s private key is not exposed.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy"}]}], "configurations": [{"lang": "en", "value": "To be vulnerable, static RSA cipher suites must be enabled with\nCFLAGS=\"-DWOLFSSL_STATIC_RSA\"\n\nThese have been disabled by default since wolfSSL 3.6.6. The default configuration of wolfSSL is not vulnerable.", "supportingMedia": [{"type": "text/html", "value": "To be vulnerable, static RSA cipher suites must be enabled with<br><b><span style=\"background-color: transparent;\">CFLAGS=\"-DWOLFSSL_STATIC_RSA\"</span></b><br><br>These have been disabled by default since wolfSSL 3.6.6. The default configuration of wolfSSL is not vulnerable.", "base64": false}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2024-02-09T22:25:04.663Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6935", "state": "PUBLISHED", "dateUpdated": "2024-08-02T08:42:08.533Z", "dateReserved": "2023-12-18T22:00:54.166Z", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "datePublished": "2024-02-09T22:25:04.663Z", "assignerShortName": "wolfSSL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "814E3645-BD7D-48A3-8D8D-4587FBBA2AD3", "versionEndIncluding": "5.6.4", "versionStartIncluding": "3.12.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure:\n\n--enable-all CFLAGS=\"-DWOLFSSL_STATIC_RSA\"\n\nThe define \u201cWOLFSSL_STATIC_RSA\u201d enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.\u00a0 Therefore the default build since 3.6.6, even with \"--enable-all\", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent.\n\nThe vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server\u2019s private key is not exposed.\n"}, {"lang": "es", "value": "wolfSSL SP Math Toda la implementaci\u00f3n de RSA es vulnerable al ataque Marvin, una nueva variaci\u00f3n de un ataque de sincronizaci\u00f3n de estilo Bleichenbacher, cuando se construye con las siguientes opciones para configurar: --enable-all CFLAGS=\"-DWOLFSSL_STATIC_RSA\" La definici\u00f3n \"WOLFSSL_STATIC_RSA\" habilita RSA est\u00e1tico conjuntos de cifrado, que no se recomienda y ha estado deshabilitado de forma predeterminada desde wolfSSL 3.6.6. Por lo tanto, la compilaci\u00f3n predeterminada desde 3.6.6, incluso con \"--enable-all\", no es vulnerable al ataque Marvin. La vulnerabilidad es espec\u00edfica de los conjuntos de cifrado RSA est\u00e1ticos y se espera que sea independiente del relleno. La vulnerabilidad permite a un atacante descifrar textos cifrados y falsificar firmas despu\u00e9s de realizar una gran cantidad de observaciones de prueba. Sin embargo, la clave privada del servidor no est\u00e1 expuesta."}], "id": "CVE-2023-6935", "lastModified": "2024-11-21T08:44:52.217", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "facts@wolfssl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-09T23:15:08.030", "references": [{"source": "facts@wolfssl.com", "tags": ["Technical Description"], "url": "https://people.redhat.com/~hkario/marvin/"}, {"source": "facts@wolfssl.com", "tags": ["Vendor Advisory"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description"], "url": "https://people.redhat.com/~hkario/marvin/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}], "sourceIdentifier": "facts@wolfssl.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "facts@wolfssl.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}