Lucene search

K
thnThe Hacker NewsTHN:FCE22D016F94C21A80BD7028DAAF7717
HistoryFeb 09, 2023 - 9:51 a.m.

OpenSSL Fixes Multiple New Security Flaws with Latest Update

2023-02-0909:51:00
The Hacker News
thehackernews.com
122
openssl
security updates
x.509 certificates
type confusion
crl
buffer overflow
timing attack
double free
use-after-free
null dereference
data verification
side-channel attack

EPSS

0.006

Percentile

79.4%

OpenSSL

The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks.

Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to “read memory contents or enact a denial-of-service,” the maintainers said in an advisory.

The vulnerability is rooted in the way the popular cryptographic library handles X.509 certificates, and is likely to impact only those applications that have a custom implementation for retrieving a certificate revocation list (CRL) over a network.

“In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature,” OpenSSL said. “If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon.”

Type confusion flaws could have serious consequences, as they could be weaponized to deliberately force the program to behave in unintended ways, possibly causing a crash or code execution.

The issue has been patched in OpenSSL versions 3.0.8, 1.1.1t, and 1.0.2zg. Other security flaws addressed as part of the latest updates include:

  • CVE-2022-4203 - X.509 Name Constraints Read Buffer Overflow
  • CVE-2022-4304 - Timing Oracle in RSA Decryption
  • CVE-2022-4450 - Double free after calling PEM_read_bio_ex
  • CVE-2023-0215 - Use-after-free following BIO_new_NDEF
  • CVE-2023-0216 - Invalid pointer dereference in d2i_PKCS7 functions
  • CVE-2023-0217 - NULL dereference validating DSA public key
  • CVE-2023-0401 - NULL dereference during PKCS7 data verification

Successful exploitation of the above shortcomings could lead to an application crash, disclose memory contents, and even recover plaintext messages sent over a network by taking advantage of a timing-based side-channel in what’s a Bleichenbacher-style attack.

The fixes arrive nearly two months after OpenSSL plugged a low-severity flaw (CVE-2022-3996) that arises when processing an X.509 certificate, resulting in a denial-of-service condition.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.