The OpenSSL maintainers have released new versions of the library that fix several vulnerabilities, including a high-severity bug in the way that the library handles X.509 certificates that could allow an attacker to read the memory of a target server.
The new releases address various bugs in the 3.0.0, 1.1.1, and 1.0.2 branches of OpenSSL, and while most of the vulnerabilities are moderate or low severity, the one high-severity flaw could pose some problems for users. That bug (CVE-2023-0286) is a type confusion vulnerability in the X.400 address processing of the X.509 GeneralName type.
“X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING,” the OpenSSL advisory says.
“When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service.”
This vulnerability is fixed in versions 3.0.8, 1.1.1t, and 1.0.2zg.
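A quick way to tell whether a host is still exposed is to compare the banner printed by `openssl version` against the fixed releases named above (3.0.8, 1.1.1t and 1.0.2zg). The script below is an added example, not code from the OpenSSL project or the advisory; the sample banners it parses are constructed, and the branch-to-fixed-version table is taken only from the versions this article lists for CVE-2023-0286.

```python
import re
import subprocess

# Fixed releases named in the advisory for CVE-2023-0286, keyed by
# (major, minor) branch -> (patch number, letter suffix).
FIXED_FOR_CVE_2023_0286 = {
    (3, 0): (8, ""),    # 3.0.8
    (1, 1): (1, "t"),   # 1.1.1t
    (1, 0): (2, "zg"),  # 1.0.2zg
}

# Matches the leading part of an `openssl version` banner, e.g.
# "OpenSSL 1.1.1q  5 Jul 2022" or "OpenSSL 3.0.7 1 Nov 2022".
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(banner):
    """Return (major, minor, patch, letters) or None if the banner is unrecognised."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch, letters = m.groups()
    return int(major), int(minor), int(patch), letters


def letter_key(letters):
    # Legacy OpenSSL suffixes run a..z, then za, zb, ... so a shorter suffix
    # always sorts before a longer one; within one length they are alphabetical.
    return (len(letters), letters)


def is_patched(banner):
    """True if the banner is at or beyond the fixed release for its branch,
    False if it is older, None if the branch is not covered by the advisory."""
    parsed = parse_version(banner)
    if parsed is None:
        raise ValueError("not an OpenSSL version banner: %r" % banner)
    major, minor, patch, letters = parsed
    fixed = FIXED_FOR_CVE_2023_0286.get((major, minor))
    if fixed is None:
        return None  # e.g. 3.1.x: not named in the text above
    fixed_patch, fixed_letters = fixed
    if patch != fixed_patch:
        # Different patch number on the same branch (3.0.7 vs 3.0.8, or an
        # old 1.1.0 build against the 1.1.1 series).
        return patch > fixed_patch
    return letter_key(letters) >= letter_key(fixed_letters)


def check_local_openssl():
    """Run the local `openssl version` and classify it. Assumes the binary is on PATH."""
    banner = subprocess.run(["openssl", "version"], capture_output=True,
                            text=True, check=True).stdout
    return banner.strip(), is_patched(banner)


if __name__ == "__main__":
    # Constructed sample banners for illustration.
    for sample in ("OpenSSL 1.1.1q  5 Jul 2022", "OpenSSL 1.1.1t  7 Feb 2023",
                   "OpenSSL 3.0.7 1 Nov 2022", "OpenSSL 1.0.2u  20 Dec 2019"):
        print(sample, "->", "patched" if is_patched(sample) else "VULNERABLE")
```

Note that distribution packages often backport the fix without bumping the upstream version string, so a `False` here means "check the vendor's changelog", not necessarily "exploitable".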
One of the other vulnerabilities fixed in the new releases is a timing-based side channel in RSA decryption that could allow an attacker to recover plaintext messages sent over the network. The technique, known as a Bleichenbacher attack, involves sending a large number of test messages to a target server and timing how long the server takes to respond to each.
“For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection,” the advisory says.
There is also a read buffer overrun (CVE-2022-4203) in the 3.0.0 branch of OpenSSL that can be triggered during X.509 certificate verification.
“The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory,” the advisory says.
“In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.”