ALPINE-CVE-2022-4304
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.19 | openssl | 1.1.1d-r1, 3.0.0-r3, 3.0.0-r2 |
| Alpine:v3.15 | openssl | 1.1.1l-r3, 1.1.1l-r2, * |
| Alpine:v3.15 | openssl3 | 1.1.1-r3, *, 0 |
| Alpine:v3.20 | openssl | 1.1.1i-r0, 1.1.1h-r0, 1.1.1f-r0 |
| Alpine:v3.18 | openssl | 1.1.1d-r1, 0, 1.1.1-r0 |
| Alpine:v3.14 | openssl | 1.1.1n-r0, 1.0.2, 1.1.1 |
| Alpine:v3.23 | openssl | 3.0.5-r1, 1.1.1-r0, 1.1.1-r1 |
| Alpine:v3.22 | openssl | 1.1.1-r2, 1.1.1-r3, 1.1.1-r4 |
| Alpine:v3.17 | openssl | *, 1.1.1-r0, 1.1.1-r1 |
| Alpine:v3.24 | openssl | 1.0.2 |
| Alpine:v3.16 | openssl3 | 1.1.1e-r0, 1.1.1g-r0, 1.1.1h-r0 |
| Alpine:v3.16 | openssl | 1.1.1l-r2, 1.1.1l-r3, 1.1.1l-r4 |
| Alpine:v3.21 | openssl | 1.1.1, 1.1.1, 1.1.1 |
Timeline
- Feb 8, 2023 CVE Published
- Apr 30, 2026 Distribution Patch
- Jul 8, 2026 CVE Updated