ID

VAR-202302-0482

CVE

CVE-2022-4304

TITLE

OpenSSL  side-channel vulnerabilities in

DESCRIPTION

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. (CVE-2022-4304) A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. Under certain conditions. (CVE-2023-0286). OpenSSL Security Advisory [7th February 2023] ============================================= X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) ================================================================= Severity: High There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. OpenSSL versions 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. OpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers only). This issue was reported on 11th January 2023 by David Benjamin (Google). The fix was developed by Hugo Landau. OpenSSL 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. OpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers only). An initial report of a possible timing side channel was made on 14th July 2020 by Hubert Kario (Red Hat). A refined report identifying a specific timing side channel was made on 15th July 2022 by Hubert Kario. The fix was developed by Dmitry Belyavsky (Red Hat) and Hubert Kario. X.509 Name Constraints Read Buffer Overflow (CVE-2022-4203) =========================================================== Severity: Moderate A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. OpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue. OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue. This issue was reported to OpenSSL on 3rd November 2022 by Corey Bonnell from Digicert. The fix was developed by Viktor Dukhovni. Use-after-free following BIO_new_NDEF (CVE-2023-0215) ===================================================== Severity: Moderate The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected. OpenSSL 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. OpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers only). This issue was reported on 29th November 2022 by Octavio Galland and Marcel Böhme (Max Planck Institute for Security and Privacy). The fix was developed by Viktor Dukhovni and Matt Caswell. Double free after calling PEM_read_bio_ex (CVE-2022-4450) ========================================================= Severity: Moderate The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. OpenSSL 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t. OpenSSL 1.0.2 is not affected by this issue. This issue was discovered by CarpetFuzz and reported on 8th December 2022 by Dawei Wang. The fix was developed by Kurt Roeckx and Matt Caswell. Invalid pointer dereference in d2i_PKCS7 functions (CVE-2023-0216) ================================================================== Severity: Moderate An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data. OpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue. OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue. This issue was reported on 27th December 2022 by Marc Schönefeld. The fix was developed by Tomas Mraz. NULL dereference validating DSA public key (CVE-2023-0217) ========================================================== Severity: Moderate An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3. OpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue. OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue. This issue was reported on 27th December 2022 by Kurt Roeckx. The fix was developed by Shane Lontis from Oracle. NULL dereference during PKCS7 data verification (CVE-2023-0401) =============================================================== Severity: Moderate A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data. OpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue. OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue. This issue was reported on 13th January 2023 by Hubert Kario and Dmitry Belyavsky (Red Hat). The fix was developed by Tomas Mraz. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20230207.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/general/security-policy.html . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202402-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple Vulnerabilities Date: February 04, 2024 Bugs: #876787, #893446, #902779, #903545, #907413, #910556, #911560 ID: 202402-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service. Background ========== OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Affected packages ================= Package Vulnerable Unaffected ---------------- ------------ ------------ dev-libs/openssl < 3.0.10 >= 3.0.10 Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-3.0.10" References ========== [ 1 ] CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 [ 2 ] CVE-2022-4203 https://nvd.nist.gov/vuln/detail/CVE-2022-4203 [ 3 ] CVE-2022-4304 https://nvd.nist.gov/vuln/detail/CVE-2022-4304 [ 4 ] CVE-2022-4450 https://nvd.nist.gov/vuln/detail/CVE-2022-4450 [ 5 ] CVE-2023-0215 https://nvd.nist.gov/vuln/detail/CVE-2023-0215 [ 6 ] CVE-2023-0216 https://nvd.nist.gov/vuln/detail/CVE-2023-0216 [ 7 ] CVE-2023-0217 https://nvd.nist.gov/vuln/detail/CVE-2023-0217 [ 8 ] CVE-2023-0286 https://nvd.nist.gov/vuln/detail/CVE-2023-0286 [ 9 ] CVE-2023-0401 https://nvd.nist.gov/vuln/detail/CVE-2023-0401 [ 10 ] CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 [ 11 ] CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 [ 12 ] CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 [ 13 ] CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 [ 14 ] CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 [ 15 ] CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 [ 16 ] CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202402-08 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Bugs fixed (https://bugzilla.redhat.com/): 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.11.46 security update Advisory ID: RHSA-2023:4310-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:4310 Issue date: 2023-08-02 CVE Names: CVE-2021-38561 CVE-2022-4304 CVE-2023-0215 CVE-2023-0286 CVE-2023-2828 CVE-2023-24329 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.11.46 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.46. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2023:4312 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html Security Fix(es): * golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html You can download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests can be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. The sha values for the release are: (For x86_64 architecture) The image digest is sha256:88583eeaddcda4fbfdcf21f4dad86b01ff09bb010357c51f08fb24eb07fdb602 (For s390x architecture) The image digest is sha256:9626db69fc59699669497c95e67d8d3ae66d2374d9949ca7031bb25fa9ac188c (For ppc64le architecture) The image digest is sha256:10b9e45b7bd97eca6f4ae7b0ed3deac843d6c1474152a40206be851363eb56e8 (For aarch64 architecture) The image digest is sha256:37433b71c073c6cbfc8173ec7ab2d99032c8e6d6fe29de06e062d85e33e34531 All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 5. JIRA issues fixed (https://issues.redhat.com/): OCPBUGS-15506 - [release-4.11] gather podDisruptionBudget only from openshift namespaces OCPBUGS-15539 - IngressVIP getting attach to two nodes at once OCPBUGS-15876 - 4.11 ovn-k unit tests failing OCPBUGS-16037 - TuneD reverts node level profiles on termination OCPBUGS-16126 - Redhat-operators are failing regularly due to startup probe timing out which in turn increases CPU/Mem usage on Master nodes OCPBUGS-16152 - Placeholder bug for OCP 4.11.0 extras release OCPBUGS-5708 - Bootstraps' pivot service races with bootkube 6. References: https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0286 https://access.redhat.com/security/cve/CVE-2023-2828 https://access.redhat.com/security/cve/CVE-2023-24329 https://access.redhat.com/security/updates/classification/#moderate 7. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJkyb3nAAoJENzjgjWX9erEjCMQAKfdfW6FdwjH/Fk+eipVjRmg U/JxPlmwI4G/6MNDjDZNv8D0NyyTRi3Gc0spRh6CmEJpDUT3HNR3LbY0IaRDMrzq bUjVegFYxFbmjlrcIprEPp4RuUDV9G4POrX5gIuq+v1P/qOE6IWL9L3tRnVLxZsT DGXFIajpwbVoXf9mgMkv3kEWHDDN1t+Tt2/w2yYMzqPeHppovByZgF2/jczsQZYT QpKSSTm1rLuVr9aFX2dObxbiOQ0eKf+58GibhZRn/lFXpD9kMoV5v6iMwY6kyO70 umyCRD8ZG/OiY3WsXiiYBFPB/LofRwQGqlIPibIKFcVFzLEvMG8BCBbz60owHmuY DMEdg4atBFMjf+dSPFWeOL+dewHuH2mysE0ve3N5wE65Z0m28sZJS7/CYmsNEqQw NuZyI75Sb6mQMbyR+BZ7HhX6F0cxezFS66QB10OHnNFamAkz/GU+/GhPc/qpJE+z KMLrDsxl8KzirGbD7Vkg/bggAZEbyPuwsLlxLY18aPVLj7q7EI3RZYnQegA7weCM FXCG/DifAt9Q/HF2xiMd9rWKEFxXu19jKl4M5pePwmD+aCuTcpxnJDGTnilUW/cA SEHKW8/UuzWWGROf5D1bHKMkIP6Bl9SuZTPBhBSosenx1j63mCSP8pscpVelQYPd AgASZ/NNiQj1zg2kBgug =rThL -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Solution: For instructions on how to install and use OpenShift Serverless, see documentation linked from the References section. Bugs fixed (https://bugzilla.redhat.com/): 2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption 2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics 2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters 2184482 - CVE-2023-24536 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial of service from excessive memory allocation 2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing 2185507 - Release of OpenShift Serverless Serving 1.29.0 2185509 - Release of OpenShift Serverless Eventing 1.29.0 5. Description: Red Hat Advanced Cluster Management for Kubernetes 2.5.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bugs fixed (https://bugzilla.redhat.com/): 2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability 5. JIRA issues fixed (https://issues.jboss.org/): ACM-4736 - [ACM 2.5] Policies with a dot in their names don't work 6. Summary: The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

TYPE

overflow

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-04-26T21:38:36.210000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE