Observable Timing Discrepancy Affecting s2n-tls package, versions <0.2.7


Severity

Recommended
0.0
low
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RUST-S2NTLS-7222568
  • published9 Jun 2024
  • disclosed6 Jun 2024
  • creditHubert Kario

Introduced: 6 Jun 2024

CVE NOT AVAILABLE CWE-203  (opens in a new tab)

How to fix?

Upgrade s2n-tls to version 0.2.7 or higher.

Overview

s2n-tls is a crate provides ergonomic, idiomatic Rust bindings for s2n-tls. From the s2n-tls readme:

Affected versions of this package are vulnerable to Observable Timing Discrepancy due to the handling of RSA premaster secrets when an invalid secret is received. An attacker can potentially observe timing differences by exploiting the additional processing performed when the premaster secret contains an incorrect client hello version.

Note

This is only exploitable if server applications permit RSA key exchange without using the default, built-in blinding feature, or properly implemented self-service blinding.

Workaround

This vulnerability can be mitigated by using an s2n-tls security policy that disallows RSA key exchange.

CVSS Scores

version 3.1