SB2022101711 - Gentoo update for OpenSSL

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022101711

SB2022101711 - Gentoo update for OpenSSL

Published: October 17, 2022 Updated: February 22, 2023

Security Bulletin ID SB2022101711
Severity
High
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 13% Medium 50% Low 38%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Raccoon attack (CVE-ID: CVE-2020-1968)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a timing flaw in the TLS specification. A remote attacker can compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite and eavesdrop on all encrypted communications sent over that TLS connection.

Note: The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections.


2) Buffer overflow (CVE-ID: CVE-2021-3711)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in EVP_PKEY_decrypt() function within implementation of the SM2 decryption. A remote attacker can send specially crafted SM2 content for decryption to trigger a buffer overflow by 62 bytes and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Out-of-bounds read (CVE-ID: CVE-2021-3712)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing ASN.1 strings related to a confusion with NULL termination of strings in array. A remote attacker can pass specially crafted data to the application to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.


4) Cryptographic issues (CVE-ID: CVE-2021-4160)

The vulnerability allows a remote attacker to decrypt TLS traffic.

The vulnerability exists due to BN_mod_exp may produce incorrect results on MIPS. A remote attacker can decrypt TLS traffic. According to vendor, multiple EC algorithms are affected, including some of the TLS 1.3 default curves. 

Successful exploitation of the vulnerability requires certain pre-requisites for attack, such as obtaining and  reusing private keys. 


5) Infinite loop (CVE-ID: CVE-2022-0778)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.


6) OS Command Injection (CVE-ID: CVE-2022-1292)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.



7) Uncontrolled Memory Allocation (CVE-ID: CVE-2022-1473)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to memory reuse is not possible in the OPENSSL_LH_flush() function, which empties a hash table when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service.


8) Missing Encryption of Sensitive Data (CVE-ID: CVE-2022-2097)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation. Under specific circumstances OpenSSL does not encrypt the entire message and can reveal sixteen bytes of data that was preexisting in the memory that wasn't written. A remote attacker can gain access to potentially sensitive information.



Remediation

Install update from vendor's website.

References