On October 25, 2022, a warning was issued about a critical vulnerability in OpenSSL that had the potential to be as bad as the 2014 Heartbleed bug. No information was released at the time about the nature of the flaw, other than it being a critical flaw in OpenSSL versions 3.0-3.0.6, and that a patch was due to be released on November 1 between 13:00 and 17:00 UTC.
The OpenSSL Project has now confirmed that two vulnerabilities have been identified and patched, but the bugs are not as severe as first thought. One of the bugs can lead to remote code execution; however, exploiting the flaws is difficult and would require a high degree of technical skill. The OpenSSL Project has announced that the severity of the flaws has been downgraded to high severity, with each assigned a CVSS v3 severity score of 8.8 out of 10.
The vulnerabilities only affect OpenSSL version 3.0 to 3.0.6 and are tracked as:
- CVE-2022-3602 – X.509 Email Address 4-byte Buffer Overflow
- CVE-2022-3786 – X.509 Email Address Variable Length Buffer Overflow
Fortunately, the vulnerable OpenSSL versions are new releases and have not been used in many production systems to date. Estimates suggest they have only been used in up to 16,000 Internet-accessible systems – a very small subset of OpenSSL deployments. While many operating systems may not use these vulnerable versions, they may be used by applications. A list is being maintained here of all systems known to use the vulnerable versions.
Exploitation of the flaw would be challenging. For example, CVE-2022-3602 could be exploited by using a malicious long email address in an encryption certificate, which would overflow four attacker-controlled bytes on the stack. That would most likely result in a crash but could potentially lead to remote code execution after the certificate is validated. According to the advisory, to achieve RCE, “either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer.”
CVE-2022-3786 could be triggered in name constraint checking in certificate verification if an attacker craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.’ character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service),” said OpenSSL. “This occurs after certificate chain signature verification.”
The conditions required to exploit the flaw and the high degree of technical skill required mean widespread exploitation is unlikely; that said, RCE could be achieved so updates are required. The OpenSSL Project explained that the bug was initially thought to be critical because, “OpenSSL is distributed as source code, we have no way of knowing how every platform and compiler combination has arranged the buffers on the stack, and therefore remote code execution may still be possible on some platforms.”
After performing testing of the flaw and analyzing the technical details, the flaws failed to meet the criteria for a critical, as it did not appear that remote code execution was likely in common situations. The vulnerabilities have been fixed in OpenSSL version 3.0.7