OpenSSL Drops Update Resolving “High Severity” Denial of Service Issue in Ubiquitous Crypto Library


Adam Bannister Mar 16, 2022 at 10:22 UTC

Updated: Mar 16, 2022 10:23 UTC

The race is on for downstream application maintainers

The maintainers of OpenSSL, the open-source library used by millions of web applications to encrypt communications, have released updates fixing a “high” severity denial of service (DoS) vulnerability.

This issue, which stems from the way OpenSSL parses certificates, affects OpenSSL versions 1.0.2, 1.1.1, and 3.0, and was resolved with the release of 1.0.2zd, 1.1.1n, and 3.0.2 yesterday (15 March) afternoon .

Disclosure has serious implications for the supply chain as, according to builtWithOpenSSL provides Transport Layer Security (TLS) for at least 2.7 million active websites.

‘loop forever’

The software crash bug exposes cryptographic subsystems to risk from malicious certificates.

“The function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli,” says an OpenSSL security consulting.

“Internally, this function is used when parsing certificates containing elliptic curve public keys in compressed form or explicit elliptic curve parameters with an encoded basepoint in compressed form.”

Keep up to date with the latest internet infrastructure news

The infinite loop can be triggered by creating a certificate with invalid explicit curve parameters, according to the OpenSSL project.

“Since certificate analysis takes place before certificate signature verification, any process that analyzes an externally provided certificate” is therefore at risk of a DoS attack. “The infinite loop can also be achieved when parsing crafted private keys because they may contain explicit elliptic curve parameters.”

Vulnerable scenarios

Applications were potentially vulnerable to exploitation when TLS clients or servers apply server certificates, if hosts accept certificates or private keys from clients, or when certificate authorities parse certificate requests from subscribers.

Anything else that parses ASN.1 elliptic curve parameters is also potentially at risk, along with “applications that use where the attacker can control parameter values.”

Although the version 1.0.2 update – 1.0.2zd – is reserved for premium users, the flaw is more difficult to exploit with this version because “the public key is not scanned during the initial analysis of the certificate, which makes it slightly more difficult to trigger the infinite loop”.

Nonetheless, “any operation that requires the certificate’s public key will trigger the infinite loop,” the advisory continues, with attackers able to use a self-signed certificate to trigger the loop during verification.

Node.js updates incoming

The race is on for downstream application maintainers, who have received prior warning incoming updates on March 8, to gauge their potential impact and the urgency with which they need to update their own frameworks.

This includes the Node.js JavaScript runtime, which warned its own users yesterday (March 14) that it “may release new versions to all of its supported release lines at the end of this week to incorporate OpenSSL upstream fixes” once technical details landed.

DO NOT MISS Node.js security: Parse Server remote code execution vulnerability fixed

“After assessing the impact on Node.js, it will be decided whether resolved issues require immediate security releases of Node.js, or if they can be included in normally scheduled updates,” according to a Node. js. advisory.

The Node.js project promised to provide more details within 24 hours of the OpenSSL release, via the nodejs-sec Google Group, although at the time of writing more information has yet to surface.

The security flaw was reported to OpenSSL on February 24, 2022 by Tavis Ormandy of Google.

The most damaging OpenSSL library bug to date remains the infamous Heartbleed Vulnerability of 2014 that gave attackers access to secret keys, passwords and sensitive personal information.

RELATED Encryption issues represent a minority of flaws in encryption libraries – research


Comments are closed.