Analysis of OpenSSL CVE-2022-3786 and CVE-2022-3602

On the 1st of November, OpenSSL released information about two buffer overflow vulnerabilities: CVE-2022-3786 and CVE-2022-3602. In the pre-disclosure announcement on the 25th of October, the issue severity was declared as Critical, but then it was changed to High. The issues affect versions 3.0 and above.

Both CVEs have similar severity; however, their potential impact varies: CVE-2022-3602 may lead to remote code execution, and CVE-2022-3786 results in denial of service. The severity has been downgraded because the OpenSSL team got more feedback from the parties participating in the early testing concluding that remote code execution is only possible for a limited set of platforms/compilers.

There is no PoC (proof of concept) available now. The exploitation requires either a malicious certificate signed by a trusted Certificate Authority, which is not trivial, or code that ignores the certificate chain validation error, which is possible but is not ubiquitous.

The OpenSSL team recommends updating to version 3.0.7, regardless of the issue severity change.

Checkmarx SCA can help find the usage of OpenSSL, flagging the currently affected versions. Technical information regarding the vulnerabilities are available in our new Developer’s Hub:

The KICS team has added a new query that detects downloads of the vulnerable OpenSSL versions in the Dockerfiles.

References

More Details

OpenSSL is an open-source implementation of the SSL and TLS protocols, and its ubiquitous software. The modern Internet relies on SSL and TLS, so OpenSSL or its forks like LibreSSL and BoringSSL are pre-installed and used by all modern operating systems. This software is used on both ends: servers and clients.

On November 1st, the OpenSSL team announced two new CVEs: CVE-2022-3786 and CVE-2022-3602. These two issues are buffer overflows, and their severity is High. Initially, on the 25th of October, the issue severity was announced by the OpenSSL project as Critical, but then it was changed to High. The issues reside in punycode decoding functions.

There is no PoC (proof of concept) available now.

CVE-2022-3786 - X.509 Email Address Variable Length Buffer Overflow

In short, CVE-2022-3786 affects TLS clients and servers and could result in a crash (Denial of Service). Exploitation seems complicated because it requires certain conditions.

A buffer overrun can be triggered in X.509 certificate verification. To be specific, it happens in the name constraint check. An attacker can craft a malicious email address to overflow an arbitrary number of bytes containing the . (decimal 46) character on the stack.

TLS clients may be affected by CVE-2022-3786 as well as TLS servers. On a TLS client, this can be triggered by connecting to a malicious server. On a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. It is worth saying that vulnerable code is triggered only after the certificate chain signature verification. It means that an attacker must obtain a signed malicious certificate, whereas issuing a trusted malicious certificate signed by a valid certificate authority is not trivial.

CVE-2022-3602 - X.509 Email Address 4-byte Buffer Overflow

CVE-2022-3602 is an arbitrary 4-byte stack buffer overflow. Such vulnerabilities may lead to remote code execution. Originally, this issue was assessed by the OpenSSL project as Critical. After investigation, the OpenSSL team realized that remote code execution is only possible for a limited set of platforms/compilers and decreased the severity to High.

Because these two issues reside in punycode decoding functions, it is highly likely that CVE-2022-3602 has the same attack vector and conditions for exploitation as the CVE-2022-3786.

What to do

If you use OpenSSL 3.0.0-3.0.6, upgrade to 3.0.7 as soon as possible.

You may find an original blog post by the OpenSSL team with the FAQ: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/

References

Skip to content