CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
4.4 | $0-$5k | 0.04 |
A vulnerability classified as problematic was found in OpenSSL up to 1.0.2zf/1.1.1s/3.0.7 (Network Encryption Software). It affects unspecified code in the RSA Decryption component. Manipulation with an unknown input leads to a timing discrepancy. The issue is classified as CWE-208: two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. The impact is on confidentiality.
The weakness was published on 02/07/2023. The advisory is available at openssl.org. This vulnerability is tracked as CVE-2022-4304. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 03/06/2023). This vulnerability is assigned to T1592 by the MITRE ATT&CK project.
Upgrading to version 1.0.2zg, 1.1.1t or 3.0.8 eliminates this vulnerability.
Product
Type: Network Encryption Software
Name: OpenSSL
Version
- 1.0.2za
- 1.0.2zb
- 1.0.2zc
- 1.0.2zd
- 1.0.2ze
- 1.0.2zf
- 1.1.1
- 1.1.1a
- 1.1.1b
- 1.1.1c
- 1.1.1d
- 1.1.1e
- 1.1.1f
- 1.1.1g
- 1.1.1h
- 1.1.1i
- 1.1.1j
- 1.1.1k
- 1.1.1l
- 1.1.1m
- 1.1.1n
- 1.1.1o
- 1.1.1p
- 1.1.1q
- 1.1.1r
- 1.1.1s
- 3.0.0
- 3.0.1
- 3.0.2
- 3.0.3
- 3.0.4
- 3.0.5
- 3.0.6
- 3.0.7
CVSSv3
VulDB Meta Base Score: 4.5
VulDB Meta Temp Score: 4.4
VulDB Base Score: 3.1
VulDB Temp Score: 3.0
NVD Base Score: 5.9
Exploiting
Class: Timing discrepancy
CWE: CWE-208 / CWE-203 / CWE-200
ATT&CK: T1592
Local: No
Remote: Yes
Status: Not defined
Countermeasures
Recommended: Upgrade
Upgrade: OpenSSL 1.0.2zg/1.1.1t/3.0.8
Timeline
12/06/2022
02/07/2023
02/07/2023
03/06/2023
Sources
Product: openssl.org
Advisory: openssl.org
Status: Confirmed
CVE: CVE-2022-4304
Entry
Created: 02/07/2023 18:43
Updated: 03/06/2023 09:17
Changes: 02/07/2023 18:43 (38), 03/06/2023 09:13 (2), 03/06/2023 09:17 (11)