Homepage
About Snyk

Observable Timing Discrepancy Affecting s2n-tls package, versions <0.2.7

Severity

 Recommended
0.0
low
0
10

CVSS assessment made by Snyk's Security Team

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-RUST-S2NTLS-7222568
  • published 9 Jun 2024
  • disclosed 6 Jun 2024
  • credit Hubert Kario
Report a new vulnerability Found a mistake?

Introduced: 6 Jun 2024

CVE NOT AVAILABLE CWE-203 Open this link in a new tab

How to fix?

Upgrade s2n-tls to version 0.2.7 or higher.

Overview

s2n-tls is a crate provides ergonomic, idiomatic Rust bindings for s2n-tls. From the s2n-tls readme:

Affected versions of this package are vulnerable to Observable Timing Discrepancy due to the handling of RSA premaster secrets when an invalid secret is received. An attacker can potentially observe timing differences by exploiting the additional processing performed when the premaster secret contains an incorrect client hello version.

Note

This is only exploitable if server applications permit RSA key exchange without using the default, built-in blinding feature, or properly implemented self-service blinding.

Workaround

This vulnerability can be mitigated by using an s2n-tls security policy that disallows RSA key exchange.

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
3.7 low
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    Low
  • Integrity (I)
    None
  • Availability (A)
    None