Today, the OpenSSL Project released a new version of OpenSSL (v3.0.7). Last week’s early announcement indicated at first this was a CRITICAL vulnerability and included a fix for it. There was various chatter that this recent disclosure could be potentially similar to HEARTBLEED , but after today’s announcement the issue was downgraded from CRITICAL to HIGH.Two vulnerabilities were disclosed, both are X.509 Email Address Buffer Overflows, and are vulnerable to denial of service attacks and the other, remote code execution.Why is this Significant?This is significant because the critical vulnerability exists in OpenSSL which is a widely adopted cryptographical toolkit used to achieve secure communications over the internet. Past critical vulnerabilities in OpenSSL resulted in remote code execution and information leaks, where the highest profile disclosure was HeartBleed back in 2014. What are the Details of the Critical Vulnerability in OpenSSL?Disclosed today by OpenSSL are two vulnerabilities:CVE-2022-3602 – X.509 Email Address 4-byte Buffer Overflow A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution.CVE-2022-3786 – X.509 Email Address Variable Length Buffer Overflow A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.’ character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service).Are there Reports of Exploitation in the Wild?According to OpenSSL, no.What is the CVE Assignment for the Vulnerability?CVE-2022-3602 and CVE-2022-3786 have been assigned to these vulnerabilities.What is the CVSS score?According to OpenSSL, they do not provide CVSS scores.What is the Status of Protection?There is no information available to allow FortiGuard Labs to investigate protection. We are monitoring the situation closely and will update this Threat Signal when protection information becomes available. For further information on products affected by this latest disclosure, please reference the OpenSSL3 critical vulnerability from Fortinet PSIRT in the Appendix section.Any Recommended Mitigation?OpenSSL suggests users operating TLS servers may consider disabling TLS client authentication, if it is being used, until fixes are applied. FortiGuard Labs highly recommends organizations utilizing OpenSSL update OpenSSL to version 3.0.7.
More Stories
openjpeg2-2.5.3-1.fc40
FEDORA-2024-272544ceb9 Packages in this update: openjpeg2-2.5.3-1.fc40 Update description: Update to openjpeg-2.5.3 Fix 2 heap-buffer-overflow Read More
libxml2-2.12.9-1.fc40
FEDORA-2024-9f3765a04b Packages in this update: libxml2-2.12.9-1.fc40 Update description: Update to 2.12.9 Fixes CVE-2024-40896 Read More
libxml2-2.12.9-1.fc41
FEDORA-2024-867a14de12 Packages in this update: libxml2-2.12.9-1.fc41 Update description: Update to 2.12.9 Fixes CVE-2024-40896. Read More
iwd-3.3-1.fc40 libell-0.71-1.fc40
FEDORA-2024-0fa283c43a Packages in this update: iwd-3.3-1.fc40 libell-0.71-1.fc40 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
iwd-3.3-1.fc41 libell-0.71-1.fc41
FEDORA-2024-256818da09 Packages in this update: iwd-3.3-1.fc41 libell-0.71-1.fc41 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
A vulnerability has been discovered in Apache Struts2, which could allow for remote code execution. Apache Struts2 is an open-source...