CVE-2022-3786 and CVE-2022-3602 are buffer overrun vulnerabilities in the name constraint checking function of the X.509 certificate verification in OpenSSL 3.0 (3.0.0 through 3.0.6; fixed in 3.0.7). Exploitation occurs when a certificate contains a specially crafted punycode-encoded email address designed to trigger the buffer overrun. The location of the buffer is application dependent but is typically heap allocated. CVE-2022-3602 is triggered in the ossl_punycode_decode function. A second overflow, CVE-2022-3786 in the ossl_a2ulabel function, was disclosed and fixed alongside it; unlike CVE-2022-3602, this issue was always rated as high severity and was not downgraded. On November 2, 2022, NSFOCUS CERT noted that OpenSSL had officially released a security advisory fixing these buffer overflow vulnerabilities. A separate GitHub issue reports an AVX512-specific heap buffer overflow in OpenSSL 3.0.

An earlier OpenSSL issue, fixed in OpenSSL 1.1.1l (affected 1.1.1 through 1.1.1k), concerned SM2 decryption. In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, this time passing a non-NULL value for "out". A bug in the implementation of the SM2 decryption code meant that the buffer size calculated by the first call to EVP_PKEY_decrypt() could be smaller than the size actually required by the second call, leading to a buffer overflow when the application makes the second call with a buffer that is too small. A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker-chosen data to overflow the buffer by up to a maximum of 62 bytes, altering the contents of other data held after the buffer and possibly changing application behaviour or causing the application to crash.

Apache HTTP Server 2.4 is affected by a related class of bug. low: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721). If LimitXMLRequestBody is set to allow request bodies larger than 350MB (the default is 1M) on 32-bit systems, an integer overflow happens which later causes out-of-bounds writes.

A much older OpenSSL issue: versions of OpenSSL servers prior to 0.9.6e and the pre-release version 0.9.7-beta2 contain a remotely exploitable buffer overflow vulnerability. It can be exploited by a client using a malformed key during the handshake process with an SSL server connection using the SSLv2 protocol.
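The punycode issues above come down to one question: does the decoder check the caller's output capacity before every write? As an added example, not code from this page or from OpenSSL, here is a small RFC 3492 Punycode decoder in C that enforces that bound. It copies the basic (ASCII) prefix only if it fits, and it refuses to insert a further code point once the buffer is full, returning -1 instead of overrunning. The labels "xn--maana-pta" ("mañana") and "xn--bcher-kva" ("bücher") are the RFC's own examples and are used here as constructed test input; the function name and buffer sizes are assumptions.

```c
#include <ctype.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 3492 bootstring parameters for Punycode. */
#define BASE 36
#define TMIN 1
#define TMAX 26
#define SKEW 38
#define DAMP 700
#define INITIAL_BIAS 72
#define INITIAL_N 128

/* Map a Punycode digit character to its value 0..35, or -1 if invalid. */
static int decode_digit(int c)
{
    if (c >= 'a' && c <= 'z') return c - 'a';
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= '0' && c <= '9') return c - '0' + 26;
    return -1;
}

/* Bias adaptation from RFC 3492 section 6.1. */
static uint32_t adapt(uint32_t delta, uint32_t numpoints, int firsttime)
{
    uint32_t k = 0;
    delta = firsttime ? delta / DAMP : delta / 2;
    delta += delta / numpoints;
    while (delta > ((BASE - TMIN) * TMAX) / 2) {
        delta /= BASE - TMIN;
        k += BASE;
    }
    return k + (BASE - TMIN + 1) * delta / (delta + SKEW);
}

/* Decode one Punycode label (with or without a leading "xn--") into out[],
 * which holds at most max_out code points. Returns the number of code
 * points written, or -1 on malformed input or if the output would not fit.
 * Hypothetical helper written for this example. */
int punycode_decode(const char *label, uint32_t *out, size_t max_out)
{
    size_t in_len, b = 0, out_len = 0, j;
    int has_delim = 0;
    uint32_t n = INITIAL_N, i = 0, bias = INITIAL_BIAS;

    if (strlen(label) >= 4 && tolower((unsigned char)label[0]) == 'x' &&
        tolower((unsigned char)label[1]) == 'n' && label[2] == '-' && label[3] == '-')
        label += 4;
    in_len = strlen(label);

    /* Basic code points precede the last '-' and are copied verbatim. */
    for (j = 0; j < in_len; j++)
        if (label[j] == '-') { b = j; has_delim = 1; }
    if (b > max_out)                       /* bound check #1: the ASCII prefix */
        return -1;
    for (j = 0; j < b; j++) {
        if ((unsigned char)label[j] >= 0x80) return -1;
        out[out_len++] = (unsigned char)label[j];
    }

    /* Remaining characters are variable-length deltas encoding (n, i) pairs. */
    j = has_delim ? b + 1 : 0;
    while (j < in_len) {
        uint32_t oldi = i, w = 1, k;
        for (k = BASE; ; k += BASE) {
            int digit;
            uint32_t t;
            if (j >= in_len) return -1;                       /* truncated delta */
            digit = decode_digit((unsigned char)label[j++]);
            if (digit < 0) return -1;
            if ((uint32_t)digit > (UINT32_MAX - i) / w) return -1;   /* arithmetic overflow */
            i += (uint32_t)digit * w;
            t = k <= bias ? TMIN : k >= bias + TMAX ? TMAX : k - bias;
            if ((uint32_t)digit < t) break;
            if (w > UINT32_MAX / (BASE - t)) return -1;
            w *= BASE - t;
        }
        bias = adapt(i - oldi, (uint32_t)out_len + 1, oldi == 0);
        if (i / (out_len + 1) > UINT32_MAX - n) return -1;
        n += (uint32_t)(i / (out_len + 1));
        i %= (uint32_t)(out_len + 1);
        /* Bound check #2: this is the write a decoder must guard. Refusing here
         * is what separates a clean failure from a heap overrun. */
        if (out_len >= max_out) return -1;
        memmove(out + i + 1, out + i, (out_len - i) * sizeof(*out));
        out[i++] = n;
        out_len++;
    }
    return (int)out_len;
}

int main(void)
{
    uint32_t cp[16];
    int n = punycode_decode("xn--maana-pta", cp, 16), j;  /* constructed input */
    if (n < 0) { puts("decode failed"); return 1; }
    for (j = 0; j < n; j++) printf("U+%04X ", (unsigned)cp[j]);
    putchar('\n');
    return 0;
}
```

Run against a label whose decoded form is one code point longer than the buffer (for example "xn--maana-pta" with max_out of 5), the decoder returns -1 rather than writing a sixth element, which is exactly the condition the name-constraint code path needs to hit safely.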