Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel
CVE-2023-45287

7.5HIGH

Key Information:

Vendor: Go Standard Library
Status: Crypto/tls
Vendor: CVE Published:; 5 December 2023

What is CVE-2023-45287?

Before version 1.20, the Go programming language employed an RSA-based TLS key exchange mechanism utilizing the math/big library, which was not designed to operate in constant time. Although RSA blinding techniques were introduced to mitigate the risk of timing attacks, investigations indicated that these measures were insufficient. The absence of PKCS#1 padding created opportunities for timing information leaks, potentially allowing attackers to recover bits of the session key. With the release of Go 1.20, a transition to a fully constant time RSA implementation was made within the crypto/tls library, effectively addressing the timing side channels that were present in earlier versions.

Affected Version(s)

crypto/tls 0 < 1.20.0

References

https://go.dev/issue/20654

https://go.dev/cl/326012/26

https://groups.google.com/g/golang-announce/c/QMK8IQALDvA

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 5, 2023
Vulnerability Reserved
Oct 6, 2023

Go Standard Library

What is CVE-2023-45287?

Affected Version(s)

References

CVSS V3.1

Timeline