CVE-2023-4421: 
NixOS vulnerability analysis and mitigation

A vulnerability was discovered in NSS (Network Security Service) library, identified as CVE-2023-4421. The issue involved information leakage through timing side-channels in PKCS#1 v1.5 decryption depadding code. The vulnerability was fixed in NSS version 3.61, released on January 22, 2021, although the disclosure was embargoed until December 2023 (Mozilla Advisory).

The vulnerability stemmed from NSS code used for checking PKCS#1 v1.5, which leaked information through timing side-channels. The leakage occurred in two aspects: the overall correctness of the padding and the length of the encrypted message. The issue was addressed by implementing the implicit rejection algorithm, where NSS returns a deterministic random message when invalid padding is detected, as proposed in the Marvin Attack paper (Mozilla Advisory, Snyk).

The vulnerability could allow an attacker to decrypt previously intercepted PKCS#1 v1.5 ciphertexts, such as TLS sessions that used RSA key exchange, or forge signatures using the victim's key. The attack could be executed in less than 24 hours for a local network attack against a 2048-bit key (Mozilla Advisory).

The vulnerability was fixed in NSS version 3.61 by implementing the implicit rejection algorithm. This solution ensures that NSS returns a deterministic random message when invalid padding is detected, effectively preventing the timing side-channel attack (Mozilla Advisory).