CVE-2023-51939

8.8 HIGH

📋 TL;DR

A vulnerability in the cp_bbs_sig function of Relic relic-toolkit 0.6.0 allows remote attackers to extract sensitive information through fault injection attacks, potentially leading to privilege escalation. This affects systems using the Relic cryptographic library for BBS signature operations. The vulnerability stems from improper input validation (CWE-74) that leaks cryptographic secrets.

💻 Affected Systems

Products:
  • relic-toolkit
Versions: 0.6.0
Operating Systems: All platforms where relic-toolkit is compiled and used
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the cp_bbs_sig function for BBS signature operations. Applications must explicitly call this vulnerable function.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of cryptographic keys, enabling impersonation, data decryption, and full system takeover in applications relying on BBS signatures for authentication.

🟠 Likely Case

Extraction of private signing keys, allowing attackers to forge signatures, bypass authentication, and potentially access protected resources.

🟢 If Mitigated

Limited impact if proper network segmentation, monitoring, and least privilege principles are implemented, though cryptographic integrity remains compromised.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires fault injection capabilities (like voltage glitching) to trigger the vulnerability, making it more complex than pure software attacks but demonstrated in proof-of-concept code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.6.1 or later

Vendor Advisory: https://github.com/relic-toolkit/relic/issues/284

Restart Required: Yes

Instructions:

1. Update relic-toolkit to version 0.6.1 or later.
2. Recompile any applications using the library.
3. Restart services using the updated library.

🔧 Temporary Workarounds

Disable BBS Signature Usage (platforms: all)

Temporarily disable or remove code that calls the cp_bbs_sig function until patching is complete.

# Review application code and comment out/remove calls to cp_bbs_sig

🧯 If You Can't Patch

  • Isolate systems using relic-toolkit behind strict network controls and monitor for unusual signature verification failures.
  • Implement additional authentication layers independent of BBS signatures to reduce reliance on the vulnerable component.

🔍 How to Verify

Check if Vulnerable:

Check if relic-toolkit version 0.6.0 is installed and if applications use the cp_bbs_sig function. Review source code or binary analysis for function calls.

Check Version:

pkg-config --modversion relic || grep -rn 'RELIC_VERSION' /path/to/relic/source-or-build-tree

Verify Fix Applied:

Verify relic-toolkit version is 0.6.1 or later using version check commands and ensure applications are recompiled with the updated library.
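
One way to script the two checks above: whether the relic-toolkit version is 0.6.1 or later, and whether application sources call cp_bbs_sig. This is an added example, not code from the advisory or from relic-toolkit. The function names, verdict strings and sample tree are constructed for illustration, and treating every version below 0.6.1 as unfixed is an assumption.

```shell
#!/bin/sh
# Added example: exposure check for CVE-2023-51939. Not relic-toolkit code.

# Print file:line:text for each cp_bbs_sig call site in C/C++ sources under $1.
# Lines that begin as comments are dropped, so calls disabled by the temporary
# workaround are not reported. Prototypes also match; review each hit.
# Always returns 0, including when nothing is found.
find_bbs_sig_calls() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' -o -name '*.cc' -o -name '*.cpp' \) \
        -exec grep -nH -E '(^|[^A-Za-z0-9_])cp_bbs_sig[[:space:]]*\(' {} + 2>/dev/null |
        grep -v -E '^[^:]+:[0-9]+:[[:space:]]*(//|/\*|\*)' || true
}

# Succeed when version string $1 is 0.6.1 or later, the fixed release named in
# the advisory. Assumption: anything older is treated as not fixed.
version_is_fixed() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split "0.6.0" into 0 6 0
    IFS=$old_ifs
    major=${1%%[!0-9]*}; minor=${2%%[!0-9]*}; patch=${3%%[!0-9]*}
    [ "$(( ${major:-0} * 1000000 + ${minor:-0} * 1000 + ${patch:-0} ))" -ge 6001 ]
}

# Print a verdict for source tree $1 built against relic version $2:
#   PATCHED     version is 0.6.1 or later
#   EXPOSED     unfixed version and at least one live cp_bbs_sig call
#   NO_CALLERS  unfixed version but no live cp_bbs_sig call found
assess() {
    if version_is_fixed "$2"; then echo PATCHED; return 0; fi
    if [ -n "$(find_bbs_sig_calls "$1")" ]; then echo EXPOSED; else echo NO_CALLERS; fi
}

# Constructed sample application tree (not real project code): one live call
# and one call commented out as in the temporary workaround.
make_sample_tree() {
    dir=$(mktemp -d)
    printf 'int sign(void) {\n    return cp_bbs_sig(s, m, len, 0, d);\n}\n' > "$dir/signer.c"
    printf '// cp_bbs_sig(s, m, len, 0, d); disabled until patched\n' > "$dir/disabled.c"
    echo "$dir"
}

# Usage: sh check.sh <source-dir> <relic-version>
if [ "$#" -eq 2 ]; then assess "$1" "$2"; fi
```

A source scan does not see callers in prebuilt third-party binaries; those still need the binary analysis mentioned above.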

📡 Detection & Monitoring

Log Indicators:

  • Unexpected application crashes during signature operations
  • Multiple failed signature verifications from single sources
  • Error logs mentioning cp_bbs_sig or BBS functions

Network Indicators:

  • Unusual traffic patterns to services using BBS signatures
  • Repeated authentication attempts with varying signature data

SIEM Query:

source="application_logs" AND ("cp_bbs_sig" OR "BBS" OR "signature verification failed")
