OpenSSL 3.0 vulnerability: Patch released for security scare

The OpenSSL project has now lifted its embargo detailing the 'second-ever critical vulnerability patch' in the project’s history.

OpenSSL version 3.0.7 is now available to download and brings fixes for two security vulnerabilities, tracked as CVE-2022-3786 and CVE-2022-3602, which have now been downgraded from the highest ‘critical’ severity to high’.

CVE-2022-3602 was originally the critical-severity flaw, a four-byte stack buffer overflow that could have been triggered in the name constraint checking process involved in X.509 certificate verification. Theoreticslly, successful exploitation could have led to a crash or remote code execution (RCE).

Attackers could have achieved this by crafting a malicious email address to overflow the four attacker-controlled bytes on the stack, causing a buffer overflow, OpenSSL said in an advisory.

This could only occur after certificate chain signature verification, it added, and would require either a certificate authority to have signed the malicious certificate or for the application to continue verifying even a path could not be constructed to a trusted issuer.

OpenSSL said there were a number of mitigating factors that led to the decision to downgrade the severity rating.

Considerations taken into account included the idea that many platforms deploy protections for such buffer overflows that would likely lead to the prevention of RCE, and sowas the thinking that the stack layout of any given platform may have further limited an exploit’s success.

Despite the severity downgrade, OpenSSL recommends all users of OpenSSL version 3 and above upgrade to the latest 3.0.7 version.

“We are not aware of any working exploit that could lead to code execution, and we have no evidence of this issue being exploited as of the time of release of this advisory,” it said.

According to OpenSSL’s security policy, a vulnerability will only be assigned ‘critical’ status if RCE is likely in common situations.

“We no longer felt that this rating applied to CVE-2022-3602 and therefore it was downgraded on 1 November 2022 before being released to high,” said OpenSSL in a separate blog post.

“CVE-2022-3786 was not rated as critical from the outset, because only the length and not the content of the overwrite is attacker-controlled,” it added. “Exposure to remote code execution is not expected on any platforms.”

A security researcher, Viktor Dukhovni, discovered the second vulnerability, CVE-2022-3786, while researching CVE-2022-3602 which was discovered by ‘Polar Bear’.

It was another buffer overflow issue with X.509 certificate verification that could cause a crash resulting in a denial of service, but had no potential for RCE.

When the security issues were announced last week, the two flaws were not detailed to reduce the likelihood of cyber attackers being able to use the information to engineer working exploits before the patch could be released.

Comparisons between the vulnerability in OpenSSL 3.0 and Heartbleed, the only other critical vulnerability in the project, have since been rejected.

"In short: While this is a potential remote code execution vulnerability, the requirements to trigger the vulnerability are not trivial, and I do not see this as a 'Heartbleed Emergency'," said Dr Johannes Ullrich, dean of research at SANS Technology Institute. "Patch quickly as updated packages become available, but beyond this, no immediate action is needed."

OpenSSL users do not need to replace their TLS server certificates, the project’s representatives said.

All OpenSSL 3.0 applications that verify X.509 certificates received from untrusted sources should be considered vulnerable, they added. All versions below 3.0 are unaffected.