ID

VAR-202302-0195

CVE

CVE-2022-4450

TITLE

OpenSSL  Double release vulnerability in

DESCRIPTION

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. OpenSSL has payload data 0 become a part-time worker PEM When creating a file, PEM_read_bio_ex() A double free vulnerability exists because when returns a failure code, it introduces a pointer to an already freed buffer into the header argument.Malicious by attacker PEM Denial of service by providing files ( crash ) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssl security and bug fix update Advisory ID: RHSA-2023:0946-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:0946 Issue date: 2023-02-28 CVE Names: CVE-2022-4203 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0216 CVE-2023-0217 CVE-2023-0286 CVE-2023-0401 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: read buffer overflow in X.509 certificate verification (CVE-2022-4203) * openssl: timing attack in RSA Decryption implementation (CVE-2022-4304) * openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450) * openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215) * openssl: invalid pointer dereference in d2i_PKCS7 functions (CVE-2023-0216) * openssl: NULL dereference validating DSA public key (CVE-2023-0217) * openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) * openssl: NULL dereference during PKCS7 data verification (CVE-2023-0401) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * HMAC generation should reject key lengths < 112 bits or provide an indicator in FIPS mode (BZ#2144000) * In FIPS mode, openssl should set a minimum length for passwords in PBKDF2 (BZ#2144003) * stunnel consumes high amount of memory when pestered with TCP connections without a TLS handshake (BZ#2144008) * In FIPS mode, openssl should reject SHAKE as digest for RSA-OAEP or provide an indicator (BZ#2144010) * In FIPS mode, openssl should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator (BZ#2144012) * In FIPS mode, openssl should reject RSA signatures with X9.31 padding, or provide an indicator (BZ#2144015) * In FIPS mode, openssl should reject SHA-224, SHA-384, SHA-512-224, and SHA-512-256 as hashes for hash-based DRBGs, or provide an indicator after 2023-05-16 (BZ#2144017) * In FIPS mode, openssl should reject KDF input and output key lengths < 112 bits or provide an indicator (BZ#2144019) * In FIPS mode, openssl should reject RSA keys < 2048 bits when using EVP_PKEY_decapsulate, or provide an indicator (BZ#2145170) * RHEL9.1 Nightly[0912] - error:03000093:digital envelope routines::command not supported when git clone is run with configured ibmca engine backed by libica.so.4 (OpenSSL 3.0) (BZ#2149010) * OpenSSL FIPS checksum code needs update (BZ#2158412) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 2144000 - HMAC generation should reject key lengths < 112 bits or provide an indicator in FIPS mode [rhel-9.1.0.z] 2144003 - In FIPS mode, openssl should set a minimum length for passwords in PBKDF2 [rhel-9.1.0.z] 2144006 - FIPS self-test data for RSA-CRT contains incorrect parameters [rhel-9.1.0.z] 2144008 - stunnel consumes high amount of memory when pestered with TCP connections without a TLS handshake [rhel-9.1.0.z] 2144010 - In FIPS mode, openssl should reject SHAKE as digest for RSA-OAEP or provide an indicator [rhel-9.1.0.z] 2144012 - In FIPS mode, openssl should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator [rhel-9.1.0.z] 2144015 - In FIPS mode, openssl should reject RSA signatures with X9.31 padding, or provide an indicator [rhel-9.1.0.z] 2144017 - In FIPS mode, openssl should reject SHA-224, SHA-384, SHA-512-224, and SHA-512-256 as hashes for hash-based DRBGs, or provide an indicator after 2023-05-16 [rhel-9.1.0.z] 2144019 - In FIPS mode, openssl should reject KDF input and output key lengths < 112 bits or provide an indicator [rhel-9.1.0.z] 2145170 - In FIPS mode, openssl should reject RSA keys < 2048 bits when using EVP_PKEY_decapsulate, or provide an indicator [rhel-9.1.0.z] 2158412 - OpenSSL FIPS checksum code needs update [rhel-9.1.0.z] 2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName 2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation 2164488 - CVE-2022-4203 openssl: read buffer overflow in X.509 certificate verification 2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF 2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex 2164497 - CVE-2023-0216 openssl: invalid pointer dereference in d2i_PKCS7 functions 2164499 - CVE-2023-0217 openssl: NULL dereference validating DSA public key 2164500 - CVE-2023-0401 openssl: NULL dereference during PKCS7 data verification 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): aarch64: openssl-debuginfo-3.0.1-47.el9_1.aarch64.rpm openssl-debugsource-3.0.1-47.el9_1.aarch64.rpm openssl-devel-3.0.1-47.el9_1.aarch64.rpm openssl-libs-debuginfo-3.0.1-47.el9_1.aarch64.rpm openssl-perl-3.0.1-47.el9_1.aarch64.rpm ppc64le: openssl-debuginfo-3.0.1-47.el9_1.ppc64le.rpm openssl-debugsource-3.0.1-47.el9_1.ppc64le.rpm openssl-devel-3.0.1-47.el9_1.ppc64le.rpm openssl-libs-debuginfo-3.0.1-47.el9_1.ppc64le.rpm openssl-perl-3.0.1-47.el9_1.ppc64le.rpm s390x: openssl-debuginfo-3.0.1-47.el9_1.s390x.rpm openssl-debugsource-3.0.1-47.el9_1.s390x.rpm openssl-devel-3.0.1-47.el9_1.s390x.rpm openssl-libs-debuginfo-3.0.1-47.el9_1.s390x.rpm openssl-perl-3.0.1-47.el9_1.s390x.rpm x86_64: openssl-debuginfo-3.0.1-47.el9_1.i686.rpm openssl-debuginfo-3.0.1-47.el9_1.x86_64.rpm openssl-debugsource-3.0.1-47.el9_1.i686.rpm openssl-debugsource-3.0.1-47.el9_1.x86_64.rpm openssl-devel-3.0.1-47.el9_1.i686.rpm openssl-devel-3.0.1-47.el9_1.x86_64.rpm openssl-libs-debuginfo-3.0.1-47.el9_1.i686.rpm openssl-libs-debuginfo-3.0.1-47.el9_1.x86_64.rpm openssl-perl-3.0.1-47.el9_1.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 9): Source: openssl-3.0.1-47.el9_1.src.rpm aarch64: openssl-3.0.1-47.el9_1.aarch64.rpm openssl-debuginfo-3.0.1-47.el9_1.aarch64.rpm openssl-debugsource-3.0.1-47.el9_1.aarch64.rpm openssl-libs-3.0.1-47.el9_1.aarch64.rpm openssl-libs-debuginfo-3.0.1-47.el9_1.aarch64.rpm ppc64le: openssl-3.0.1-47.el9_1.ppc64le.rpm openssl-debuginfo-3.0.1-47.el9_1.ppc64le.rpm openssl-debugsource-3.0.1-47.el9_1.ppc64le.rpm openssl-libs-3.0.1-47.el9_1.ppc64le.rpm openssl-libs-debuginfo-3.0.1-47.el9_1.ppc64le.rpm s390x: openssl-3.0.1-47.el9_1.s390x.rpm openssl-debuginfo-3.0.1-47.el9_1.s390x.rpm openssl-debugsource-3.0.1-47.el9_1.s390x.rpm openssl-libs-3.0.1-47.el9_1.s390x.rpm openssl-libs-debuginfo-3.0.1-47.el9_1.s390x.rpm x86_64: openssl-3.0.1-47.el9_1.x86_64.rpm openssl-debuginfo-3.0.1-47.el9_1.i686.rpm openssl-debuginfo-3.0.1-47.el9_1.x86_64.rpm openssl-debugsource-3.0.1-47.el9_1.i686.rpm openssl-debugsource-3.0.1-47.el9_1.x86_64.rpm openssl-libs-3.0.1-47.el9_1.i686.rpm openssl-libs-3.0.1-47.el9_1.x86_64.rpm openssl-libs-debuginfo-3.0.1-47.el9_1.i686.rpm openssl-libs-debuginfo-3.0.1-47.el9_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-4203 https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0216 https://access.redhat.com/security/cve/CVE-2023-0217 https://access.redhat.com/security/cve/CVE-2023-0286 https://access.redhat.com/security/cve/CVE-2023-0401 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY/3zh9zjgjWX9erEAQhxrBAAn8qLHFdqY5kOnqZPl4AVsYqhFEHJXJmF m+7RRNG/ECcrMKgcD+zMnutKhoCSkXfGWEyXBmk16i0d4Epl10sN59Dygwupd3Du uS2T6uAsaG6Uh4dxrmg6ROCuplRbRvUU3sbhkWNebnccrmSGfz9knqG5AgXONPKk KT5SOQwb/2jqQzu8P4rRzTC63qwOygA7zJB+XGw1htY4tUxOYsznDII8pgkirN0i 58CuQhIqpvCDiVNc87YJpXDy/vJt08EyW1OpeluCAmjemXylRMSnyZEAWEfZoIS8 tAoF6cbdgx+X7zf97plXmc9Av4x4X7fD9acwLsOp5v5OkNf7Bgn6mniyKPl/Cwr9 /Y2S9QyCNvAZy+Nm/fUOi+bBd2PLSHvgmM5C07mJrtBG0wLgdP+F8Iv5B8jqT3hC ky9UnVzaoD8A2/1FNrJrYfnIZlHu723wfx9N3WUWQSAKln3fPic/0Z7HKpm5gyPf gCLFCdMUSrfO8u2smc+yXPyyPmg14kaHTawxEQUztKB3QsRbedwAEL6aUBfwe7fK NWofAllHq/m368XvGqTsqHjAwo81i+L18v0f2ekQKOJ3/bQy80ZERS0l6u/DUtsO 3hwRoCLW7SyNW/3LKKAPExAnZlTqp67cSrUD2GdfLoOc4Mc7UZZjN154MHIjZq1D D6EiWOLrLsE= =ho5H -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202402-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple Vulnerabilities Date: February 04, 2024 Bugs: #876787, #893446, #902779, #903545, #907413, #910556, #911560 ID: 202402-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service. Affected packages ================= Package Vulnerable Unaffected ---------------- ------------ ------------ dev-libs/openssl < 3.0.10 >= 3.0.10 Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-3.0.10" References ========== [ 1 ] CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 [ 2 ] CVE-2022-4203 https://nvd.nist.gov/vuln/detail/CVE-2022-4203 [ 3 ] CVE-2022-4304 https://nvd.nist.gov/vuln/detail/CVE-2022-4304 [ 4 ] CVE-2022-4450 https://nvd.nist.gov/vuln/detail/CVE-2022-4450 [ 5 ] CVE-2023-0215 https://nvd.nist.gov/vuln/detail/CVE-2023-0215 [ 6 ] CVE-2023-0216 https://nvd.nist.gov/vuln/detail/CVE-2023-0216 [ 7 ] CVE-2023-0217 https://nvd.nist.gov/vuln/detail/CVE-2023-0217 [ 8 ] CVE-2023-0286 https://nvd.nist.gov/vuln/detail/CVE-2023-0286 [ 9 ] CVE-2023-0401 https://nvd.nist.gov/vuln/detail/CVE-2023-0401 [ 10 ] CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 [ 11 ] CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 [ 12 ] CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 [ 13 ] CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 [ 14 ] CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 [ 15 ] CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 [ 16 ] CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202402-08 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Description: Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Bugs fixed (https://bugzilla.redhat.com/): 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode 5. Summary: The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly 2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption 2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics 5. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.6.5 General Availability release images, which fix bugs and security updates container images. Description: Red Hat Advanced Cluster Management for Kubernetes 2.6.5 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/ Security fix(es): * CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability * CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint Jira issues addressed: * ACM-3516: ACM 2.6.5 images 3. Solution: For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation for details on how to install the images: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online 4. Bugs fixed (https://bugzilla.redhat.com/): 2139426 - CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint 2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability 5. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.redhat.com/): JWS-2933 - Update openssl from JBCS to versions from 2.4.51-SP2 7

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

TYPE

overflow

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-06-15T21:41:14.068000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE