{ "threat_severity" : "Moderate", "public_date" : "2020-06-30T00:00:00Z", "bugzilla" : { "description" : "nss: ECDSA timing attack mitigation bypass", "id" : "1851294", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1851294" }, "cvss3" : { "cvss3_base_score" : "4.4", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-327", "details" : [ "During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.", "A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality." ], "statement" : "This is a side channel attack which can used to exact pirate keys when ECDSA signatures are being generated. This attack is only feasible when the attacker is local to the machine or in certain cross-VM scenarios where the signature is being generated. Attacks over the network or via the internet are not feasible.", "acknowledgement" : "Red Hat would like to thank the Mozilla Project for reporting this issue. Upstream acknowledges Cesar Pereida Garcia and the Network and Information Security Group (NISEC) as the original reporter.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2020-09-29T00:00:00Z", "advisory" : "RHSA-2020:4076", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "nspr-0:4.25.0-2.el7_9" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2020-09-29T00:00:00Z", "advisory" : "RHSA-2020:4076", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "nss-0:3.53.1-3.el7_9" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2020-09-29T00:00:00Z", "advisory" : "RHSA-2020:4076", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "nss-softokn-0:3.53.1-6.el7_9" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2020-09-29T00:00:00Z", "advisory" : "RHSA-2020:4076", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "nss-util-0:3.53.1-1.el7_9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-02-16T00:00:00Z", "advisory" : "RHSA-2021:0538", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "nss-0:3.53.1-17.el8_3" }, { "product_name" : "Red Hat OpenShift Do", "release_date" : "2021-03-22T00:00:00Z", "advisory" : "RHSA-2021:0949", "cpe" : "cpe:/a:redhat:openshift_do:1.0::el7", "package" : "openshiftdo/odo-init-image-rhel7:1.1.3-2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Out of support scope", "package_name" : "nss", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "nss", "cpe" : "cpe:/o:redhat:enterprise_linux:6" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-12401\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12401\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes" ], "name" : "CVE-2020-12401", "mitigation" : { "value" : "This is a side channel attack which can used to exact pirate keys when ECDSA signatures are being generated. This attack is only feasible when the attacker is local to the machine or in certain cross-VM scenarios where the signature is being generated. Attacks over the network or via the internet are not feasible.", "lang" : "en:us" }, "csaw" : false }