Skip to content

Commit a597a77

Browse files
t8mt8m
committed
Add advisory and newsflash for CVE-2024-13176 
1 parent 29da3c7 commit a597a77

File tree

3 files changed

+262
-0
lines changed

3 files changed

+262
-0
lines changed

newsflash.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11
| Date | Title |
22
| ----------- | ----- |
3+
| 20-Jan-2025 | [Security Advisory](/news/secadv/20250120.txt): one low severity fix. |
34
| 22-Oct-2024 | Final version of OpenSSL 3.4.0 is now available: please download and upgrade! |
45
| 16-Oct-2024 | [Security Advisory](/news/secadv/20241016.txt): one low severity fix. |
56
| 07-Oct-2024 | Beta 1 of OpenSSL 3.4 is now available: please download and test it |

secadv/20250120.txt

Lines changed: 69 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,69 @@
1+
OpenSSL Security Advisory [20th January 2025]
2+
=============================================
3+
4+
Timing side-channel in ECDSA signature computation (CVE-2024-13176)
5+
===================================================================
6+
7+
Severity: Low
8+
9+
Issue summary: A timing side-channel which could potentially allow recovering
10+
the private key exists in the ECDSA signature computation.
11+
12+
Impact summary: A timing side-channel in ECDSA signature computations
13+
could allow recovering the private key by an attacker. However, measuring
14+
the timing would require either local access to the signing application or
15+
a very fast network connection with low latency.
16+
17+
There is a timing signal of around 300 nanoseconds when the top word of
18+
the inverted ECDSA nonce value is zero. This can happen with significant
19+
probability only for some of the supported elliptic curves. In particular
20+
the NIST P-521 curve is affected. To be able to measure this leak, the attacker
21+
process must either be located in the same physical computer or must
22+
have a very fast network connection with low latency. For that reason
23+
the severity of this vulnerability is Low.
24+
25+
The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.
26+
27+
OpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.
28+
29+
OpenSSL 3.4 users should upgrade to OpenSSL 3.4.1 once it is released.
30+
31+
OpenSSL 3.3 users should upgrade to OpenSSL 3.3.3 once it is released.
32+
33+
OpenSSL 3.2 users should upgrade to OpenSSL 3.2.4 once it is released.
34+
35+
OpenSSL 3.1 users should upgrade to OpenSSL 3.1.8 once it is released.
36+
37+
OpenSSL 3.0 users should upgrade to OpenSSL 3.0.16 once it is released.
38+
39+
OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1zb once it is released
40+
(premium support customers only).
41+
42+
OpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zl once it is released
43+
(premium support customers only).
44+
45+
Due to the low severity of this issue we are not issuing new releases of
46+
OpenSSL at this time. The fix will be included in the next release of each
47+
branch, once it becomes available. The fix is also available in commit
48+
77c608f4 (for 3.4), commit 392dcb33 (for 3.3), commit 4b1cb94 (for 3.2),
49+
commit 2af62e74 (for 3.1) and commit 07272b05 (for 3.0) in the OpenSSL git
50+
repository.
51+
52+
It is available to premium support customers in commit a2639000 (for 1.1.1) and in
53+
commit 0d5fd1ab (for 1.0.2).
54+
55+
This issue was reported on 4th September 2024 by George Pantelakis and
56+
Alicja Kario (Red Hat).
57+
The fix was developed by Tomas Mraz.
58+
59+
General Advisory Notes
60+
======================
61+
62+
URL for this Security Advisory:
63+
https://openssl-library.org/news/secadv/20250120.txt
64+
65+
Note: the online version of the advisory may be updated with additional details
66+
over time.
67+
68+
For details of OpenSSL severity classifications please see:
69+
https://openssl-library.org/policies/general/security-policy/

secjson/CVE-2024-13176.json

Lines changed: 192 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,192 @@
1+
{
2+
"containers": {
3+
"cna": {
4+
"affected": [
5+
{
6+
"defaultStatus": "unaffected",
7+
"product": "OpenSSL",
8+
"vendor": "OpenSSL",
9+
"versions": [
10+
{
11+
"lessThan": "3.4.1",
12+
"status": "affected",
13+
"version": "3.4.0",
14+
"versionType": "semver"
15+
},
16+
{
17+
"lessThan": "3.3.3",
18+
"status": "affected",
19+
"version": "3.3.0",
20+
"versionType": "semver"
21+
},
22+
{
23+
"lessThan": "3.2.4",
24+
"status": "affected",
25+
"version": "3.2.0",
26+
"versionType": "semver"
27+
},
28+
{
29+
"lessThan": "3.1.8",
30+
"status": "affected",
31+
"version": "3.1.0",
32+
"versionType": "semver"
33+
},
34+
{
35+
"lessThan": "3.0.16",
36+
"status": "affected",
37+
"version": "3.0.0",
38+
"versionType": "semver"
39+
},
40+
{
41+
"lessThan": "1.1.1zb",
42+
"status": "affected",
43+
"version": "1.1.1",
44+
"versionType": "custom"
45+
},
46+
{
47+
"lessThan": "1.0.2zl",
48+
"status": "affected",
49+
"version": "1.0.2",
50+
"versionType": "custom"
51+
}
52+
]
53+
}
54+
],
55+
"credits": [
56+
{
57+
"lang": "en",
58+
"type": "finder",
59+
"user": "00000000-0000-4000-9000-000000000000",
60+
"value": "George Pantelakis (Red Hat)"
61+
},
62+
{
63+
"lang": "en",
64+
"type": "finder",
65+
"user": "00000000-0000-4000-9000-000000000000",
66+
"value": "Alicja Kario (Red Hat)"
67+
},
68+
{
69+
"lang": "en",
70+
"type": "remediation developer",
71+
"user": "00000000-0000-4000-9000-000000000000",
72+
"value": "Tomáš Mráz"
73+
}
74+
],
75+
"datePublic": "2025-01-20T14:00:00.000Z",
76+
"descriptions": [
77+
{
78+
"lang": "en",
79+
"supportingMedia": [
80+
{
81+
"base64": false,
82+
"type": "text/html",
83+
"value": "Issue summary: A timing side-channel which could potentially allow recovering<br>the private key exists in the ECDSA signature computation.<br><br>Impact summary: A timing side-channel in ECDSA signature computations<br>could allow recovering the private key by an attacker. However, measuring<br>the timing would require either local access to the signing application or<br>a very fast network connection with low latency.<br><br>There is a timing signal of around 300 nanoseconds when the top word of<br>the inverted ECDSA nonce value is zero. This can happen with significant<br>probability only for some of the supported elliptic curves. In particular<br>the NIST P-521 curve is affected. To be able to measure this leak, the attacker<br>process must either be located in the same physical computer or must<br>have a very fast network connection with low latency. For that reason<br>the severity of this vulnerability is Low."
84+
}
85+
],
86+
"value": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low."
87+
}
88+
],
89+
"metrics": [
90+
{
91+
"format": "other",
92+
"other": {
93+
"content": {
94+
"text": "Low"
95+
},
96+
"type": "https://openssl-library.org/policies/general/security-policy/"
97+
}
98+
}
99+
],
100+
"problemTypes": [
101+
{
102+
"descriptions": [
103+
{
104+
"cweId": "CWE-385",
105+
"description": "CWE-385 Covert Timing Channel",
106+
"lang": "en",
107+
"type": "CWE"
108+
}
109+
]
110+
}
111+
],
112+
"providerMetadata": {
113+
"orgId": "00000000-0000-4000-9000-000000000000",
114+
"shortName": "openssl"
115+
},
116+
"references": [
117+
{
118+
"name": "OpenSSL Advisory",
119+
"tags": [
120+
"vendor-advisory"
121+
],
122+
"url": "https://openssl-library.org/news/secadv/20250120.txt"
123+
},
124+
{
125+
"name": "3.3.4 git commit",
126+
"tags": [
127+
"patch"
128+
],
129+
"url": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f"
130+
},
131+
{
132+
"name": "3.3.3 git commit",
133+
"tags": [
134+
"patch"
135+
],
136+
"url": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902"
137+
},
138+
{
139+
"name": "3.2.4 git commit",
140+
"tags": [
141+
"patch"
142+
],
143+
"url": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65"
144+
},
145+
{
146+
"name": "3.1.8 git commit",
147+
"tags": [
148+
"patch"
149+
],
150+
"url": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467"
151+
},
152+
{
153+
"name": "3.0.16 git commit",
154+
"tags": [
155+
"patch"
156+
],
157+
"url": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844"
158+
},
159+
{
160+
"name": "1.1.1zb git commit",
161+
"tags": [
162+
"patch"
163+
],
164+
"url": "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86"
165+
},
166+
{
167+
"name": "1.0.2zl git commit",
168+
"tags": [
169+
"patch"
170+
],
171+
"url": "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded"
172+
}
173+
],
174+
"source": {
175+
"discovery": "UNKNOWN"
176+
},
177+
"title": "Timing side-channel in ECDSA signature computation",
178+
"x_generator": {
179+
"engine": "Vulnogram 0.2.0"
180+
}
181+
}
182+
},
183+
"cveMetadata": {
184+
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
185+
"cveId": "CVE-2024-13176",
186+
"requesterUserId": "00000000-0000-4000-9000-000000000000",
187+
"serial": 1,
188+
"state": "PUBLISHED"
189+
},
190+
"dataType": "CVE_RECORD",
191+
"dataVersion": "5.1"
192+
}

0 commit comments

Comments
 (0)