GHSA-52xf-5p2m-9wrv: s2n-tls has a potentially observable differences in RSA premaster secret handling

June 6, 2024

When receiving a message from a client that sent an invalid RSA premaster secret, an issue in s2n-tls results in the server performing additional processing when the premaster secret contains an incorrect client hello version. While no practical attack on s2n-tls has been demonstrated, this causes a small timing difference which could theoretically be used as described in the Marvin Attack [1].

We would like to thank Hubert Kario [2] for reporting this issue.

References

github.com/advisories/GHSA-52xf-5p2m-9wrv
github.com/aws/s2n-tls
github.com/aws/s2n-tls/commit/114ccab0ff2cde491203ac841837d0d39b767412
github.com/aws/s2n-tls/releases/tag/v1.4.16
github.com/aws/s2n-tls/security/advisories/GHSA-52xf-5p2m-9wrv

Detect and mitigate GHSA-52xf-5p2m-9wrv with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →