On November 1, OpenSSL 3.0.7 was released to fix two high-severity vulnerabilities (CVE-2022-3602 and CVE-2022-3786). Despite the initial pre-announcement, the severity of both vulnerabilities was assessed as high rather than critical. The vulnerabilities affect OpenSSL versions 3.0.0 through 3.0.6.
What are the vulnerabilities?
The first vulnerability, CVE-2022-3602 (X.509 Email Address 4-byte Buffer Overflow), is a stack buffer overflow of 4 attacker-controlled bytes that can trigger a crash or potentially lead to remote code execution (RCE). This is the vulnerability the pre-announcement rated as critical. According to the OpenSSL blog, testing during the prenotification week showed that certain Linux distributions were immune to the buffer overflow, and therefore to the crash and the RCE. In addition, the stack overflow protections present on many modern platforms reduce the risk of both a crash and RCE.
The second vulnerability, CVE-2022-3786 (X.509 Email Address Variable Length Buffer Overflow), can be triggered by an attacker through a malicious email address to cause a buffer overflow, resulting in a denial of service.
Nevertheless, both vulnerabilities should be taken seriously, and affected platforms should be upgraded as soon as possible.
How critical are the vulnerabilities?
CVE-2022-3602 and CVE-2022-3786 are both assessed as high severity. CVE-2022-3602 was initially rated critical because of the risk of remote code execution, but later analysis showed that RCE is unlikely in common configurations, so it was reassessed as high severity under the OpenSSL security policy.
Which versions are vulnerable?
The vulnerabilities affect OpenSSL versions 3.0.0 through 3.0.6. Any platform that uses an earlier version is not affected by these vulnerabilities.
Any application that uses a vulnerable version of OpenSSL to validate untrusted X.509 certificates, such as TLS clients and servers that perform certificate-based authentication, should be regarded as vulnerable.
How do the vulnerabilities work?
An attacker can craft a malicious email address in a certificate that triggers either vulnerability, causing a buffer overflow during X.509 certificate verification, specifically in the name constraint checks.
The OpenSSL security advisory describes when both vulnerabilities can be triggered: in a TLS client, by connecting to a malicious server; in a TLS server, if the server requests client authentication and a malicious client connects.
Are there any exploit codes for the vulnerabilities?
OpenSSL states in the advisory that it is not aware of any working exploits for these vulnerabilities.
Are these vulnerabilities actively exploited in the wild?
According to the OpenSSL team, there is no evidence of active exploitation in the wild.
Is there any mitigation or patch available?
The vulnerabilities only affect OpenSSL versions 3.0.0 through 3.0.6, which according to Wiz.io is around 1.5% of OpenSSL users. Any platform that uses an earlier version is not affected. Affected platforms should be upgraded to version 3.0.7 as soon as possible.
As an interim mitigation, operators can disable TLS client authentication until they can apply the fix. Note that this only removes the server-side trigger described above; a TLS client that connects to a malicious server remains exposed until it is upgraded.
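As an added example that is not part of the OpenSSL advisory or this post, the POSIX shell snippet below classifies an OpenSSL version string against the affected range given above (3.0.0 through 3.0.6) and reports on the openssl binary found on PATH; the function names are this example's own.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version string against the range the
# advisory lists as affected, 3.0.0 - 3.0.6. Prints exactly one word:
# vulnerable, fixed, unaffected, or unknown.
openssl_cve_status() {
    # Keep only the leading MAJOR.MINOR.PATCH digits: "1.1.1q" -> "1.1.1",
    # "3.0.7-dev" -> "3.0.7". Anything that does not parse is "unknown".
    base=$(printf '%s\n' "$1" | sed -n -E 's/^([0-9]+\.[0-9]+\.[0-9]+).*$/\1/p')
    if [ -z "$base" ]; then
        echo unknown
        return 0
    fi
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$major" -ne 3 ] || [ "$minor" -ne 0 ]; then
        # Only the 3.0.x branch was affected; earlier branches and 3.1+ are not
        echo unaffected
    elif [ "$patch" -le 6 ]; then
        echo vulnerable
    else
        # 3.0.7 is the fixed release; later 3.0.x releases carry the fix too
        echo fixed
    fi
}

# Report on one openssl binary (default: the first "openssl" on PATH).
# Caveat: this only covers the library that binary links against. Applications
# that bundle or statically link their own OpenSSL 3.0.x must be checked separately.
report_openssl_binary() {
    bin=${1:-openssl}
    ver=$("$bin" version 2>/dev/null | awk '{print $2}')
    printf '%s: %s (%s)\n' "$bin" "${ver:-not found}" "$(openssl_cve_status "$ver")"
}

report_openssl_binary
```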