A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP, and RSASVE.

References

bugzilla.redhat.com/show_bug.cgi?id=2164487

nvd.nist.gov/vuln/detail/CVE-2022-4304

www.cve.org/CVERecord?id=CVE-2022-4304

www.openssl.org/news/secadv/20230207.txt

alpinelinux 1

prion 1

nessus 61

cvelist 1

debiancve 1

github 1

cbl_mariner 8

cgr 1

openvas 39

openssl 1

osv 8

hackerone 1

rustsec 1

ibm 31

veracode 1

f5 1

ics 5

githubexploit 1

wolfi 1

ubuntucve 1

cve 1

nvd 1

redhat 6

amazon 3

freebsd_advisory 1

almalinux 2

oraclelinux 9

freebsd 1

altlinux 2

redos 1

fedora 2

rocky 1

slackware 1

photon 1

debian 1

alpinelinux

CVE-2022-4304

2023-02-08 20:15:23

prion

Design/Logic Flaw

2023-02-08 20:15:00

nessus

Siemens SCALANCE W1750D Devices Inadequate Encryption Strength (CVE-2022-4304)

2023-12-19 00:00:00

SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2023:2624-1)

2023-06-26 00:00:00

SUSE SLES12 Security Update : compat-openssl098 (SUSE-SU-2023:0581-1)

2023-03-01 00:00:00

cvelist

CVE-2022-4304 Timing Oracle in RSA Decryption

2023-02-08 19:04:28

debiancve

CVE-2022-4304

2023-02-08 20:15:23

github

openssl-src subject to Timing Oracle in RSA Decryption

2023-02-08 22:31:42

cbl_mariner

CVE-2022-4304 affecting package openssl 1.1.1k-16

2023-02-14 02:35:59

CVE-2022-4304 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

2024-05-31 18:55:08

CVE-2022-4304 affecting package rust 1.59.0-1

2024-06-29 09:08:28

cgr

CVE-2022-4304 vulnerabilities

2024-05-19 03:07:16

openvas

SUSE: Security Advisory (SUSE-SU-2023:2624-1)

2023-06-26 00:00:00

openSUSE: Security Advisory for openssl (SUSE-SU-2023:2633-1)

2024-03-04 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:2633-1)

2024-02-28 00:00:00

openssl

Vulnerability in OpenSSL CVE-2022-4304

2023-02-07 00:00:00

osv

CVE-2022-4304

2023-02-08 20:15:23

Timing Oracle in RSA Decryption

2023-02-07 12:00:00

openssl-src subject to Timing Oracle in RSA Decryption

2023-02-08 22:31:42

hackerone

Internet Bug Bounty: OpenSSL vulnerable to the Marvin Attack (CVE-2022-4304)

2023-12-02 23:45:28

rustsec

Timing Oracle in RSA Decryption

2023-02-07 12:00:00

ibm

Security Bulletin: IBM Events Operator is affected by an openssl vulnerability

2023-09-25 14:36:07

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information exposure in OpenSSL (CVE-2022-4304)

2023-07-27 17:21:23

Security Bulletin: This Power System update is being released to address CVE-2022-4304

2024-03-27 20:44:49

veracode

Timing Attack

2023-02-10 13:05:03

K000132943 : OpenSSL vulnerability CVE-2022-4304

2023-03-13 00:00:00

ics

Siemens OpenSSL RSA Decryption in SIMATIC

2023-08-10 12:00:00

Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch (Update A)

2024-06-04 12:00:00

Mitsubishi Electric Factory Automation Products

2024-01-04 12:00:00

githubexploit

Exploit for Observable Discrepancy in Openssl

2023-04-24 07:15:33

wolfi

CVE-2022-4304 vulnerabilities

2024-06-29 09:08:33

ubuntucve

CVE-2022-4304

2023-02-07 00:00:00

cve

CVE-2022-4304

2023-02-08 20:15:23

nvd

CVE-2022-4304

2023-02-08 20:15:23

redhat

(RHSA-2023:3408) Moderate: openssl security update

2023-05-31 18:25:53

(RHSA-2023:4128) Important: edk2 security update

2023-07-18 07:19:33

(RHSA-2023:3420) Important: Red Hat JBoss Web Server 5.7.3 release and security update

2023-06-05 13:52:35

amazon

Important: openssl

2023-02-03 23:39:00

Important: openssl

2023-02-03 19:19:00

Important: openssl11

2023-02-03 19:19:00

freebsd_advisory

FreeBSD-SA-23:03.openssl

2023-02-16 00:00:00

almalinux

Important: openssl security update

2023-03-22 00:00:00

Important: edk2 security update

2023-05-16 00:00:00

oraclelinux

edk2 security update

2023-12-06 00:00:00

edk2 security update

2023-12-06 00:00:00

edk2 security update

2023-05-24 00:00:00

freebsd

FreeBSD -- Multiple vulnerabilities in OpenSSL

2023-02-16 00:00:00

altlinux

Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1t-alt1

2023-02-20 00:00:00

Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1t-alt1

2023-02-10 00:00:00

redos

ROS-20230418-05

2023-04-18 00:00:00

fedora

[SECURITY] Fedora 37 Update: edk2-20221117gitfff6d81270b5-13.fc37

2023-02-16 02:06:48

[SECURITY] Fedora 36 Update: edk2-20221117gitfff6d81270b5-14.fc36

2023-03-05 00:54:06

rocky

openssl security update

2023-03-28 13:07:30

slackware

[slackware-security] openssl

2023-02-07 20:57:57

photon

Important Photon OS Security Update - PHSA-2023-3.0-0530

2023-02-10 00:00:00

debian

[SECURITY] [DLA 3325-1] openssl security update

2023-02-20 11:11:21

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.4%

JSON

Related for RH:CVE-2022-4304