CVE ALERT! OpenSSL CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows

Overview

After a week of speculation about OpenSSL vulnerabilities, the OpenSSL project disclosed two new CVEs to address buffer overrun vulnerabilities in its cryptographic library that could trigger crashes or lead to remote code execution (RCE).

Here is an overview of both vulnerabilities and mitigation techniques organizations should consider.

Vulnerabilities

• CVE-2022-3602 is a 4-byte stack buffer overflow that could trigger crashes or be leveraged for RCE.
• CVE-2022-3786 is a buffer overflow that can trigger a denial-of-service (DoS) state through crashes.
• OpenSSL version 3.0.0 through 3.0.6 are affected by both vulnerabilities.
• Both vulnerabilities are caused by incorrect constraint checking of the email address field during the validation of X.509 client certificates.
• The vulnerabilities could potentially be exploited via malicious TLS certificates
• Because OpenSSL 3.0 was only recently FIPS certified (August 23, 2022), many vendors that have FIPS certifications are using OpenSSL version 1.x, which is not affected by the vulnerabilities.
• The vulnerability only affects services and client implementations that perform X.509 certificate validation through the OpenSSL cryptographic library.

Risk

Several non-trivial conditions need to be met for successful exploitation.

• Modern application runtimes contain stack overflow protections, and as such, the risk for RCE or DoS is low, though not zero.
• At the time of publication, there are no public proofs-of-concept available or reports of exploitation in the wild for either of these flaws.
• To impact web services, the maliciously crafted certificate would have to be signed by the web services’ CA certificate. Without obtaining a valid CA certificate, the client certificate validation will be stopped higher up in the certificate chain.
• Client applications can be impacted when visiting servers using maliciously crafted certificates. Though expected to be very slim, there might be a risk for RCE on the client side. A server certificate must be signed by a valid CA, so unless a legitimate server was compromised or the client was tricked into browsing a malicious server, there should not be an immediate risk.

Impacted Software & Devices

Any application or device, from messaging clients and web browsers on desktop and mobile, network attached storage (NAS) devices and security gateways, up to server software and online services that leverage OpenSSL 3.x and provide certificate-based authentication.

Mitigations

• Update to OpenSSL version 3.0.7
• Contact your product vendors and update any software or appliances leveraging OpenSSL version 3.0.0 up to 3.0.6
• If no certificate validation is required, disabling certificate validation will mitigate the vulnerability.
• If timely updating is not possible, the following steps will alleviate the urgency of patching:
  • fronting the affected services
  • disabling certificate validation in the service
  • moving the certificate validation to a reverse proxy running an unaffected or patched version of OpenSSL

More Information

• OpenSSL Vulnerabilities: https://www.openssl.org/news/vulnerabilities.html
• OpenSSL Security Advisory: https://www.openssl.org/news/secadv/20221101.txt
• OpenSSL QA: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/

Radware Product Exposure(s)

• Product status for CVE 2022-3602
• Product status for CVE 2022-3786