OpenSSL 1.1.1l closes two security vulnerabilities, including a buffer overflow that is rated as high risk.
With the release of OpenSSL 1.1.1l, two security holes have been closed. One of the two was rated as high risk, the other as medium.
The high-risk problem, CVE-2021-3711, is a buffer overflow in the decryption of data encrypted with SM2. Attackers could exploit this flaw remotely by transmitting specially manipulated SM2 content and thus overwriting data outside the intended range. As a result, there is a risk of a crash, but with appropriate preparation, the attacker's own code could also be smuggled into the application and executed.
According to the note on the vulnerability on OpenSSL.org, up to 62 bytes on the heap are overwritten.
The second vulnerability has existed for a long time
The vulnerability CVE-2021-3712, rated as medium risk, is also based on a buffer overrun, but this time only when reading. Here, ASN.1 strings are stored inside OpenSSL as ASN1_STRING structures.
ASN.1 strings are perfectly ordinary strings terminated with a NUL byte, whereas ASN1_STRING structures contain the string as a character string together with the length of the string. It was not ensured that the character strings were stored in the ASN1_STRING structures including the NUL byte. If the NUL byte is missing, an ASN.1 string is read until one happens to come along. For example, secret data such as private keys can accidentally be output if they are stored in memory directly after the character string.
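The over-read described above, as an added example in C that is not OpenSSL's code: `lp_string` is a hypothetical stand-in for ASN1_STRING, the function names are assumptions, and the memory image is constructed. It compares treating the bytes as a C string with a copy bounded by the stored length.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for ASN1_STRING: bytes plus an explicit length. */
struct lp_string {
    const unsigned char *data;
    size_t length;
};

/* Constructed memory image: an 11-byte string with no NUL after it,
 * followed directly by unrelated secret bytes. */
static const unsigned char heap_image[] = "example.orgSECRET-KEY";

/* Bounded scan: index of the first NUL inside the declared length,
 * or length if there is none. Never reads past data[length - 1]. */
size_t lp_first_nul(const struct lp_string *s)
{
    const unsigned char *p = s->length ? memchr(s->data, 0, s->length) : NULL;
    return p ? (size_t)(p - s->data) : s->length;
}

/* Copy into a fresh NUL-terminated buffer using only the stored length.
 * An embedded NUL is rejected (policy of this example) because a C string
 * cannot represent it. Returns NULL on error; caller frees the result. */
char *lp_to_cstr(const struct lp_string *s)
{
    if (s == NULL || (s->length > 0 && s->data == NULL))
        return NULL;
    if (lp_first_nul(s) != s->length)
        return NULL;
    char *out = malloc(s->length + 1);
    if (out == NULL)
        return NULL;
    if (s->length > 0)
        memcpy(out, s->data, s->length);
    out[s->length] = '\0';
    return out;
}

int main(void)
{
    struct lp_string s = { heap_image, 11 };
    /* Treating data as a C string runs on into the neighbouring bytes. */
    printf("strlen: %zu, stored length: %zu\n", strlen((const char *)s.data), s.length);
    char *safe = lp_to_cstr(&s);
    printf("bounded copy: %s\n", safe ? safe : "(rejected)");
    free(safe);
    return 0;
}
```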
This second vulnerability was also present in the OpenSSL 1.0.2 line; an update, OpenSSL 1.0.2za, is also available for this version series. The more serious flaw could not occur in the 1.0.2 series, however.
The author of the article is Boris Mayer.