A security hole has been found in OpenSSL, which has now been addressed with a fix. The discovered vulnerability, if exploited, might result in a service outage causing the exposed server to crash.
OpenSSL has issued a security update to address a flaw in its library, which, if exploited, would result in Denial of Service (DoS) conditions and remote server crashes.
Finding such a vulnerability within OpenSSL is a serious issue primarily as OpenSSL is one of the most well-known open-source encryption systems used to secure SSL/TLS (Secure Socket Layer and Transport Layer Security) communications for online platforms’ certification and encrypted conversation. As a result, any flaw in the library has a significant impact.
The problem encountered in OpenSSL
The problem, represented as CVE-2022-0778 (CVSS score: 7.5), is a flaw in the analysis of certificates with invalid elliptic curve explicit parameters and would reside in a function called “BN_mod_sqrt”. The function is often used to compute square roots module n within the certificate analysis phases.
Calling this function from an unsanctioned channel may result in an infinite loop when processing roots with non-prime modules, resulting in a Denial of Service. Any other program that uses this function and allows a potential attacker to check parameter values would be susceptible to the same issue.
“The BN_mod_sqrt() function, which calculates a modular square root, has a flaw that can cause a loop in non-prime modules. This function is utilized when interpreting certificates with elliptic curve public keys […]. It’s easy to generate a certificate with bogus explicit curve parameters that will activate the infinite loop.” According to an OpenSSL security advisory dated March 15th, “OpenSSL
It is possible to create an invalid explicit curve parameter certificate that would trigger the infinite loop.
OpenSSL versions 1.0.2, 1.1.1, and 3.0 are susceptible to a severe vulnerability that would allow attackers to modify or create arbitrary certificates under specific conditions.
Possible attack scenarios
Although there is no evidence that the vulnerability was exploited in practice, as confirmed by CSIRT Italy, there are several cases in which it might still be utilized such as:
- When TLS clients or servers exchange certificates, this is known as certificate reciprocity.
- When hosting providers obtain client certificates or private keys, it’s called certificate theft.
- When certification authorities examine subscriber certification requests,
- The parameters of the elliptic curve ASN.1 go through careful analysis in all situations.
The discovery and fix of the bug
While Google Project Zero security researcher Tavis Ormandy was credited for discovering the vulnerability, Google experts David Benjamin and OpenSSL’s Tomáš Mráz were in charge of remedying it.
Unfortunately, however, the CVE-2022-0778 flaw is not OpenSSL’s first problem this year. In fact, a moderate severity vulnerability CVE-2021-4160 (CVSS score of 5.9) was resolved in January that affected the library’s MIPS32 and MIPS64 squaring methods.
The security measures are taken by OpenSSL
The vulnerability was discovered in OpenSSL version 1.0.2zd (for premium support only), 1.1.1n, and 3.0.2 (excluding all versions prior to 1.1.1, which are no longer supported).
The library developers are urging users of the latest version to upgrade to openSSL 3.0 or 1.1.1. It is therefore advisable to regularly update individual projects as soon as possible with the security patches provided by the vendors, reported on their official pages.