Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
During the conversion of OCTET STRING values to hex strings, the required buffer size is calculated as the product of input data length multiplied by 3. On 32-bit platforms, this multiplication can cause an integer overflow, resulting in allocation of a buffer that is too small, followed by a write beyond its boundaries (heap buffer overflow). An attacker can provide a crafted X.509 certificate containing an excessively large OCTET STRING value in extensions such as Subject Key Identifier (SKID) or Authority Key Identifier (AKID). The vulnerability is triggered when an application or service displays or logs the contents of an untrusted X.509 certificate.
An attacker can cause an application processing a certificate to crash or—under specific circumstances—achieve arbitrary code execution (RCE) or other undefined behavior. Only 32-bit platforms are affected.
Apply patches available from the vendor according to the references (commits published in the OpenSSL GitHub repository). If immediate updating is not possible, avoid logging or displaying the contents of untrusted X.509 certificates on 32-bit platforms.
OpenSSL on 32-bit platforms—applications and services printing or logging the contents of untrusted X.509 certificates. FIPS modules in versions 3.6, 3.5, 3.4, 3.3, and 3.0 are not affected because the vulnerable code is outside the FIPS module boundary. Specific vulnerable versions are indicated in the vendor's references.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOpenSSL
APPOpenssl3.0.0 – 3.0.20 (bez)3.3.0 – 3.3.7 (bez)3.4.0 – 3.4.5 (bez)3.5.0 – 3.5.6 (bez)3.6.0 – 3.6.2 (bez)
Related vulnerabilities
OpenSSL CMS AuthEnvelopedData — niewystarczająca walidacja wejścia umożliwia atak oracle i bypass integralnośc...
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AV...
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt()....
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certif...
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows r...