[German]A vulnerability CVE-2022-2274 exists in OpenSSL that could lead to heap memory corruption with RSA private key operations. It affects OpenSSL 3.0.4 and the vulnerability is rated High in severity. A second vulnerability CVE-2022-2097 causes AES OCB to fail to encrypt some bytes. This vulnerability is rated Moderate.
Advertising
I became aware of the issue via the following tweet, which is described in this OpenSSL Security Advisory.
Vulnerability CVE-2022-2274: Heap memory corruption
OpenSSL 3.0.4 contains a fatal flaw in the RSA implementation for X86_64 CPUs that support the AVX512IFMA instructions. This issue causes an incorrect RSA implementation for 2048-bit private keys. As a result, memory corruption occurs during computation, which may allow an attacker to force remote code execution on the machine performing the computation.
SSL/TLS servers or other servers that use private 2048-bit RSA keys and run on machines that support AVX512IFMA instructions on the X86-64 architecture are affected by this issue. Users of OpenSSL 3.0.4 should upgrade to OpenSSL 3.0.5. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
Vulnerability CVE-2022-2097: AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES NI assembly-optimized implementation may fail to encrypt all data. This could expose sixteen bytes of data that was already in memory and not written. In the specific case of "in place" encryption, sixteen bytes of plaintext would be exposed. The vulnerability is rated as moderate.
Advertising
Since OpenSSL does not support OCB-based cipher suites for TLS and DTLS, neither is affected. This issue affects versions 1.1.1 and 3.0, and was fixed in versions 1.1.1q and 3.0.5 on July 5, 2022. Users of OpenSSL 1.1.1 should upgrade to 1.1.1q. Users of OpenSSL 3.0 should upgrade to 3.0.5.
Advertising
Hi sir,
Can users of openssl 1.0.1e be affected by this issue?
It's not listed as vulnerable, but I guess, nobody has tested it.