blob: c4988f1819f3585b5ca59af547232fefd50c07e4 [file] [log] [blame]
id: GO-2023-1709
modules:
- module: github.com/hashicorp/vault
versions:
- fixed: 1.11.9
- introduced: 1.12.0
fixed: 1.12.5
- introduced: 1.13.0
fixed: 1.13.1
vulnerable_at: 1.13.0
packages:
- package: github.com/hashicorp/vault/shamir
symbols:
- div
- mult
derived_symbols:
- Combine
- Split
summary: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault
description: |-
HashiCorp Vault's implementation of Shamir's secret sharing uses precomputed
table lookups, and is vulnerable to cache-timing attacks.
An attacker with access to, and the ability to observe a large number of unseal
operations on the host through a side channel may reduce the search space of a
brute force effort to recover the Shamir shares.
cves:
- CVE-2023-25000
ghsas:
- GHSA-vq4h-9ghm-qmrr
credits:
- Giuseppe Cocomazzi
references:
- fix: https://github.com/hashicorp/vault/pull/19495
- web: https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078
review_status: REVIEWED