OpenSSL CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows

2
3292

Overview

After a week of speculation about OpenSSL vulnerabilities, the OpenSSL project disclosed two new CVEs to address buffer overrun vulnerabilities in its cryptographic library that could trigger crashes or lead to remote code execution (RCE).

Here is an overview of both vulnerabilities and mitigation techniques organizations should consider.

Vulnerabilities

  • CVE-2022-3602 is a 4-byte stack buffer overflow that could trigger crashes or be leveraged for RCE.
  • CVE-2022-3786 is a buffer overflow that can trigger a denial-of-service (DoS) state through crashes.
  • OpenSSL version 3.0.0 through 3.0.6 are affected by both vulnerabilities.
  • Both vulnerabilities are caused by incorrect constraint checking of the email address field during the validation of X.509 client certificates.
  • The vulnerabilities could potentially be exploited via malicious TLS certificates
  • Because OpenSSL 3.0 was only recently FIPS certified (August 23, 2022), many vendors that have FIPS certifications are using OpenSSL version 1.x, which is not affected by the vulnerabilities.
  • The vulnerability only affects services and client implementations that perform X.509 certificate validation through the OpenSSL cryptographic library.

Risk

Several non-trivial conditions need to be met for successful exploitation.

  • Modern application runtimes contain stack overflow protections, and as such, the risk for RCE or DoS is low, though not zero.
  • At the time of publication, there are no public proofs-of-concept available or reports of exploitation in the wild for either of these flaws.
  • To impact web services, the maliciously crafted certificate would have to be signed by the web services’ CA certificate. Without obtaining a valid CA certificate, the client certificate validation will be stopped higher up in the certificate chain.
  • Client applications can be impacted when visiting servers using maliciously crafted certificates. Though expected to be very slim, there might be a risk for RCE on the client side. A server certificate must be signed by a valid CA, so unless a legitimate server was compromised or the client was tricked into browsing a malicious server, there should not be an immediate risk.

Impacted Software & Devices

Any application or device, from messaging clients and web browsers on desktop and mobile, network attached storage (NAS) devices and security gateways, up to server software and online services that leverage OpenSSL 3.x and provide certificate-based authentication.

Mitigations

  • Update to OpenSSL version 3.0.7
  • Contact your product vendors and update any software or appliances leveraging OpenSSL version 3.0.0 up to 3.0.6
  • If no certificate validation is required, disabling certificate validation will mitigate the vulnerability.
  • If timely updating is not possible, the following steps will alleviate the urgency of patching:
    • fronting the affected services
    • disabling certificate validation in the service
    • moving the certificate validation to a reverse proxy running an unaffected or patched version of OpenSSL

More Information

Radware Product Exposure(s)

Previous article6 Ways Bot Attacks Can Spoil Your Black Friday
Next articleUkraine’s Response to Cyber Threats a Model in DDoS Prevention
As the Director, Threat Intelligence for Radware, Pascal helps execute the company's thought leadership on today’s security threat landscape. Pascal brings over two decades of experience in many aspects of Information Technology and holds a degree in Civil Engineering from the Free University of Brussels. As part of the Radware Security Research team Pascal develops and maintains the IoT honeypots and actively researches IoT malware. Pascal discovered and reported on BrickerBot, did extensive research on Hajime and follows closely new developments of threats in the IoT space and the applications of AI in cyber security and hacking. Prior to Radware, Pascal was a consulting engineer for Juniper working with the largest EMEA cloud and service providers on their SDN/NFV and data center automation strategies. As an independent consultant, Pascal got skilled in several programming languages and designed industrial sensor networks, automated and developed PLC systems, and lead security infrastructure and software auditing projects. At the start of his career, he was a support engineer for IBM's Parallel System Support Program on AIX and a regular teacher and presenter at global IBM conferences on the topics of AIX kernel development and Perl scripting.

2 COMMENTS

  1. By connecting to a server with a certificate that has been maliciously created and signed, the vulnerability in TLS clients can be exploited. This only affects a TLS server if it uses client authentication and a client connects with a certificate that has been maliciously crafted.

LEAVE A REPLY

Please enter your comment!
Please enter your name here