CVE-2023-45287 in Google
Summary
by MITRE • 12/05/2023
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 11/23/2025
The vulnerability described in CVE-2023-45287 represents a critical timing side channel issue within the Go programming language's TLS implementation prior to version 1.20. This flaw specifically affects RSA-based TLS key exchanges where the cryptographic operations were not executed in constant time, creating potential avenues for attackers to infer sensitive information through timing analysis. The vulnerability resides in the math/big library's handling of RSA operations within the crypto/tls package, which is a fundamental component of secure communications in numerous Go applications and services.
The technical implementation flaw stems from the non-constant time execution of RSA operations during TLS key exchange processes. While RSA blinding was implemented as a mitigation technique to prevent timing attacks, analysis has revealed that this protection was insufficient. The specific weakness occurs during the removal of PKCS#1 padding, where timing variations can leak information about the session key bits. This timing leakage represents a classic side channel attack vector that aligns with CWE-388, which catalogs errors related to improper handling of side channels in cryptographic implementations. The vulnerability demonstrates how seemingly protective measures can still leave exploitable gaps in cryptographic security.
The operational impact of this vulnerability extends across numerous applications and services that rely on Go's standard TLS implementation for secure communications. Attackers with sufficient access to measure timing variations during TLS handshakes could potentially reconstruct session keys, compromising the confidentiality of encrypted communications. This issue affects systems where Go applications handle sensitive data over TLS connections, including web servers, API gateways, and any service that utilizes Go's crypto/tls library for secure transport. The vulnerability's presence in versions prior to Go 1.20 means that a substantial portion of the Go ecosystem was potentially exposed to this timing side channel attack vector, making it a widespread concern for security professionals managing Go-based infrastructure.
The remediation for CVE-2023-45287 involves upgrading to Go version 1.20 or later, where the crypto/tls library has been updated to implement fully constant time RSA operations. This fix addresses the root cause by ensuring that all RSA mathematical operations execute with consistent timing regardless of input values, eliminating the timing side channels that previously existed. Organizations should prioritize this upgrade across their Go-based systems, particularly those handling sensitive data or operating in environments where timing attacks might be feasible. The implementation of constant time cryptographic operations in Go 1.20 aligns with best practices recommended by security frameworks and addresses the specific timing vulnerabilities identified in the ATT&CK framework's cryptographic operations techniques, specifically targeting the use of timing attacks against cryptographic implementations.