A corrective release of the OpenSSL cryptographic library, 3.0.7, has been published, in which two vulnerabilities have been fixed. Both problems are caused by a buffer overflow in the code that checks the email address field in X.509 certificates and can potentially lead to code execution when a specially crafted certificate is processed. At the time the fix was published, the OpenSSL developers had no evidence of a working exploit capable of leading to execution of an attacker's code. Although the announcement of the new release mentioned a critical problem, in the released update the status of the vulnerability was in fact lowered to dangerous but not critical. Under the rules adopted in the project, the severity level is lowered when a problem manifests in atypical configurations or when the probability of exploiting the vulnerability in practice is low.
In the case under consideration, the severity level was lowered because exploitation of the vulnerability is blocked by the stack overflow protection mechanisms used on many platforms.
Identified problems:
- CVE-2022-3602: originally presented as critical, leads to a 4-byte buffer overflow when a field containing a specially crafted email address is checked in an X.509 certificate. In a TLS client, the vulnerability can be exploited when connecting to a server controlled by the attacker. On a TLS server, the vulnerability can be exploited when client authentication by certificates is used. The vulnerability manifests at the stage after the certificate's chain of trust has been verified, i.e. the attack requires a certificate authority to sign the attacker's malicious certificate.
- CVE-2022-3786: another exploitation vector for the CVE-2022-3602 vulnerability, identified during analysis of the problem. The difference is that the buffer on the stack can be overflowed by an arbitrary number of bytes containing the "." character. The problem can be used to crash the application.
The vulnerabilities manifest only in the OpenSSL 3.0.x branch; OpenSSL 1.1.1 releases, as well as the LibreSSL and BoringSSL libraries, are not affected. At the same time, an OpenSSL 1.1.1s update has been released, which contains only non-security bug fixes.
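A version triage check built on the affected range stated above (OpenSSL 3.0.x before 3.0.7), added here as an example that is not part of the original article or of OpenSSL itself. The function names and the sample banners are constructed for illustration; the banners follow the format printed by `openssl version` and exposed by Python as `ssl.OPENSSL_VERSION`.

```python
import re
import ssl

# From the article: only the OpenSSL 3.0.x branch is affected; 3.0.7 carries the fix.
FIXED = (3, 0, 7)
# Libraries the article lists as not susceptible, whatever their version number.
UNAFFECTED_FORKS = ("LibreSSL", "BoringSSL")
# Library name, optionally followed by major.minor.patch (BoringSSL has no version).
BANNER_RE = re.compile(r"^(\w+)(?:\s+(\d+)\.(\d+)\.(\d+))?")


def classify(banner: str) -> str:
    """Return 'affected', 'not affected' or 'unknown' for a version banner."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "unknown"
    name = m.group(1)
    # Check the library name first: LibreSSL also has 3.0.x version numbers,
    # so matching on the number alone would give false positives.
    if name in UNAFFECTED_FORKS:
        return "not affected"
    if name != "OpenSSL" or m.group(2) is None:
        return "unknown"
    version = tuple(int(part) for part in m.group(2, 3, 4))
    if version[:2] == (3, 0) and version < FIXED:
        return "affected"
    return "not affected"


def linked_library_status() -> str:
    """Classify the TLS library this Python interpreter is linked against."""
    return classify(ssl.OPENSSL_VERSION)


# Constructed sample banners, as they might be collected from a host inventory.
SAMPLE_BANNERS = [
    "OpenSSL 3.0.5 5 Jul 2022",
    "OpenSSL 3.0.7 1 Nov 2022",
    "OpenSSL 1.1.1s  1 Nov 2022",
    "LibreSSL 3.0.2",
    "BoringSSL",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner!r:35} -> {classify(banner)}")
    print("this interpreter:", ssl.OPENSSL_VERSION, "->", linked_library_status())
```

Statically linked copies of the library inside applications do not show up in the system banner and have to be inventoried separately.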