OpenSSL fixes remote code execution bug


Affects X86_64 processors.

Users of version 3.0.4 of the popular open source OpenSSL cryptographic library are advised by its maintainers to upgrade their installations to fix a high severity bug that attackers can exploit to run code remotely.

The vulnerability introduced in OpenSSL 3.0.4 stems from a faulty RSA cryptography implementation, and is tracked as CVE-2022-2274.

On systems with X86_64 architecture processors that support Intel's Advanced Vector 512 (AVX-512) single instruction, multiple data with integer fused multiply accumulator operations, computing RSA 2048 bit private keys has been incorrectly implemented, leading to memory corruption.

"As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computing," the OpenSSL maintainers said in their advisory.

PhD student Xi Ruoyao found the bug, which does not affect OpenSSL 1.1.1 and 1.0.2.

Xi reported the vulnerability to OpenSSL and developed a fix for it.

Users are advised to upgrade to OpenSSL 3.0.5, which also contains a fix for a moderate severity data leak issue that could reveal sixteen bytes of unencrypted data.

The flaw affects the Advanced Encryption Standard Offset Cookbook Mode (AES OCB) on 32-bit x86 computers using the AES-NI assembly optimised implementation, and affects OpenSSL 1.1.1 and 3.0.

Users of those versions are advised to upgrade to OpenSSL 1.1.1q and 3.0.5 respectively.

The release also fixes a second bug, CVE-2022-2097, reported by Google’s Alex Chernyakhovsky. In some circumstances, 16 bytes of data in memory could be revealed as plaintext.
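As an added triage example (not from the article or the OpenSSL advisory), the affected conditions described above can be turned into a first-pass host check. The function names, the `--host` switch and the sample inputs are assumptions made for illustration; the CPU flag names `avx512ifma` and `aes` are those Linux reports in `/proc/cpuinfo`.

```shell
#!/bin/sh
# Added example: first-pass triage for the two issues described in the article.
# triage VERSION ARCH "CPU FLAGS" prints the CVE ids whose stated conditions
# match, or "none". Function names and the --host switch are hypothetical.

triage() {
    ver=$1
    arch=$2
    flags=" $3 "   # pad with spaces so whole flag names can be matched
    out=""

    # CVE-2022-2274: introduced in 3.0.4, x86_64 CPUs with AVX-512 IFMA.
    if [ "$ver" = "3.0.4" ] && [ "$arch" = "x86_64" ]; then
        case $flags in
            *" avx512ifma "*) out="CVE-2022-2274" ;;
        esac
    fi

    # CVE-2022-2097: 32-bit x86 with AES-NI, OpenSSL 1.1.1 before 1.1.1q
    # or 3.0 before 3.0.5.
    case $arch in
        i?86)
            case $flags in
                *" aes "*)
                    case $ver in
                        1.1.1|1.1.1[a-p]|3.0.[0-4])
                            out="${out:+$out }CVE-2022-2097" ;;
                    esac ;;
            esac ;;
    esac

    echo "${out:-none}"
}

# Collect the three inputs from a Linux host and run the triage.
triage_host() {
    # "OpenSSL 3.0.4 21 Jun 2022 (...)" -> the second field is the version
    host_ver=$(openssl version 2>/dev/null | awk '{print $2}')
    host_arch=$(uname -m)
    host_flags=$(awk -F': ' '/^flags/ {print $2; exit}' /proc/cpuinfo 2>/dev/null)
    triage "$host_ver" "$host_arch" "$host_flags"
}

# Run against the local host only when asked to: sh triage.sh --host
if [ "${1:-}" = "--host" ]; then
    triage_host
fi
```

A version string is only a first-pass signal: distributions may backport fixes without changing it, and applications can bundle their own OpenSSL copy that the `openssl` binary on the PATH does not reflect.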

Update: The above memory corruption bug was analysed by Guido Vranken at the end of June this year, with the security researcher saying it could be trivially triggered by an attacker.

The bug has sparked discussion among security researchers about whether or not it's a remotely exploitable vulnerability, or a flaw causing a denial of service condition, both of which are deemed serious issues.

Speaking to iTnews, Vranken explained that remote code execution due to the bug is a possibility.

"Perhaps this person thinks that because a private key is involved (which the attacker does not know), the attacker definitely cannot control the bytes with which the memory is overwritten, which is generally a precondition for memory corruption RCE," Vranken said.

"However in my blog post I show that the bytes which are written to memory are:

- mostly independent of the private key and other variables which the attacker definitely cannot know or control.
- mostly dependent on variables which the attacker may be able to know or control," he added.

"This still is not proof of RCE but it also shows that it cannot be ruled out completely, and the assessment in the advisory is correct in my opinion," Vranken concluded.

Copyright © iTnews.com.au . All rights reserved.