OpenSSL drops update addressing ‘high severity’ denial of service issue in ubiquitous encryption library

The race is on for maintainers of downstream applications

The maintainers of OpenSSL, the open source library used by millions of web applications to encrypt communications, have released updates addressing a ‘high’ severity denial of service (DoS) vulnerability.

This issue, which arises from how OpenSSL parses certificates, affects OpenSSL versions 1.0.2, 1.1.1, and 3.0, and was addressed with the release of 1.0.2zd, 1.1.1n, and 3.0.2 yesterday (March 15) afternoon.

The disclosure has serious supply chain implications given that, according to builtWith, OpenSSL delivers the Transport Layer Security (TLS) protocol for at least 2.7 million active websites.

‘Loop forever’

The software crashing bug leaves cryptographic subsystems at risk from rogue certificates.

“The function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli,” explains an OpenSSL security advisory.

“Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form.”

Catch up on the latest internet infrastructure news

The infinite loop can be triggered by crafting a certificate with invalid, explicit curve parameters, according to the OpenSSL project.

“Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate” is therefore at risk from a DoS attack. “The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters.”

Vulnerable scenarios

Applications were potentially vulnerable to exploitation where TLS clients or servers apply server certificates, if hosting providers take certificates or private keys from customers, or where certificate authorities parse certification requests from subscribers.

Anything else that parses ASN.1 elliptic curve parameters is also potentially at risk, along with “applications that use the where the attacker can control the parameter values”.

Although the update for version 1.0.2 – 1.0.2zd – is for premium users only, the flaw is harder to exploit with this version as “the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop”.

Nevertheless, “any operation which requires the public key from the certificate will trigger the infinite loop”, continues the advisory, with attackers able to use a self-signed certificate to trigger the loop during verification.

Node.js updates incoming

The race is on for maintainers of downstream applications, who were given advance warning of the incoming updates on March 8, to assess how they might be impacted and how urgently they need to update their own frameworks.

This includes JavaScript runtime environment Node.js, which gave its own users a heads-up yesterday (March 14) that it “may be releasing new versions across all of its supported release lines late this week to incorporate upstream patches from OpenSSL” once technical details landed.

DON’T MISS Node.js security: Parse Server remote code execution vulnerability resolved

“After assessing the impact on Node.js, it will be decided whether the issues fixed require immediate security releases of Node.js, or whether they can be included in the normally scheduled updates,” according to a Node.js advisory.

The Node.js project promised to provide further details within 24 hours of the OpenSSL release, via the nodejs-sec Google Group, although at the time of writing further information is yet to surface.

The security flaw was reported to OpenSSL on February 24, 2022 by Tavis Ormandy from Google.

The most damaging bug in the OpenSSL library to date remains the infamous Heartbleed vulnerability of 2014 that enabled attackers to access secret keys, passwords, and sensitive personal information.

RELATED Encryption issues account for minority of flaws in encryption libraries – research