The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution.
The issues, tracked as CVE-2022-3602 and CVE-2022-3786, have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a specially-crafted email address.
"In a TLS client, this can be triggered by connecting to a malicious server," OpenSSL said in an advisory for CVE-2022-3786. "In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects."
Versions 3.0.0 through 3.0.6 of the library are affected by the new flaws, which have been remediated in version 3.0.7. It's worth noting that the commonly deployed OpenSSL 1.x versions are not vulnerable.
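As an added example (not code from OpenSSL or from this article), the following Python triages `openssl version` banners collected from hosts or container images against the affected range given above. The inventory, hostnames and function names are constructed for illustration.

```python
import re
import ssl

# Range from the article: 3.0.0 through 3.0.6 affected, fixed in 3.0.7.
FIRST_AFFECTED = (3, 0, 0)
FIRST_FIXED = (3, 0, 7)

# Matches the start of an `openssl version` banner, e.g. "OpenSSL 3.0.5 5 Jul 2022".
_BANNER = re.compile(r"^(?P<name>\w+)\s+(?P<maj>\d+)\.(?P<min>\d+)\.(?P<pat>\d+)")


def classify(banner):
    """Return 'affected', 'not-affected' or 'unknown' for a version banner."""
    m = _BANNER.match(banner.strip())
    if not m:
        return "unknown"
    name = m["name"].lower()
    if name == "libressl":
        # Separate code base with its own numbering; the range does not apply.
        return "not-affected"
    if name != "openssl":
        return "unknown"
    version = (int(m["maj"]), int(m["min"]), int(m["pat"]))
    # 1.x letter releases (1.1.1q) and 3.0.7+ fall outside the range.
    return "affected" if FIRST_AFFECTED <= version < FIRST_FIXED else "not-affected"


def affected_hosts(inventory):
    """Given {host: banner}, return the sorted hosts that need follow-up."""
    return sorted(h for h, b in inventory.items() if classify(b) == "affected")


# Constructed inventory for illustration; hostnames are hypothetical.
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 3.0.5 5 Jul 2022",
    "web-02": "OpenSSL 1.1.1q  5 Jul 2022",
    "api-01": "OpenSSL 3.0.7 1 Nov 2022",
    "mac-01": "LibreSSL 3.3.6",
    "ci-01": "OpenSSL 3.0.2 15 Mar 2022",
}

if __name__ == "__main__":
    print("needs follow-up:", affected_hosts(SAMPLE_INVENTORY))
    # The OpenSSL this Python interpreter is linked against.
    print(ssl.OPENSSL_VERSION, "->", classify(ssl.OPENSSL_VERSION))
```

Distribution packages can backport the fix while keeping the upstream version string, so an "affected" result means the package changelog still needs checking, not that the host is confirmed vulnerable.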
Per data shared by Censys, about 7,062 hosts are said to run a susceptible version of OpenSSL as of October 30, 2022, with a majority of those located in the U.S., Germany, Japan, China, Czechia, the U.K., France, Russia, Canada, and the Netherlands.
While CVE-2022-3602 was initially treated as a Critical vulnerability, its severity has since been downgraded to High, citing stack overflow protections in modern platforms. Security researchers Polar Bear and Viktor Dukhovni have been credited with reporting CVE-2022-3602 and CVE-2022-3786 on October 17 and 18, 2022.
The OpenSSL Project further noted the bugs were introduced in OpenSSL 3.0.0 as part of punycode decoding functionality that's currently used for processing email address name constraints in X.509 certificates.
Despite the change in severity, OpenSSL said it considers "these issues to be serious vulnerabilities and affected users are encouraged to upgrade as soon as possible."
Cybersecurity firm Rapid7 pointed out that "exploitability is significantly limited," as the flaws occur "after certificate verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer."
"Specifically, implementations that are configured for mutual authentication, where both the client and the server are providing OpenSSL-provided certificates for authentication, should definitely be fast-tracking this update," Tod Beardsley, director of research at Rapid7, said.
Brian Fox, co-founder and CTO at software supply chain management firm Sonatype, reiterated the high level of difficulty required for weaponizing the flaws.
"The vulnerability requires a malformed certificate that is trusted or signed by a naming authority," Fox said. "That means that authorities should be able to quickly prevent certificates designed to target this vulnerability from being created, further limiting the scope."
Version 3.0, the current release of OpenSSL, is bundled with Linux operating system flavors such as CentOS, Fedora, Kali, Linux Mint, openSUSE Leap, and Ubuntu. Apple's macOS, on the other hand, uses LibreSSL. Container images built using affected versions of Linux are also impacted.
According to an advisory published by Docker, roughly 1,000 image repositories could be affected across various Docker Official Images and Docker Verified Publisher images.
"The new OpenSSL vulnerability does not affect the issuance or use of certificates," Tim Callan, chief compliance officer at Sectigo, said in a statement. "No organization needs to revoke or reissue certificates based on this vulnerability."
The last critical flaw addressed by OpenSSL was in September 2016, when it closed out CVE-2016-6309, a use-after-free bug that could result in a crash or execution of arbitrary code.
There are close to 240,000 publicly accessible servers worldwide running versions of OpenSSL that are still vulnerable to Heartbleed eight years after its initial discovery, Rezilion researchers Yotam Perkal and Ofri Ouzan said.
The OpenSSL software toolkit was most notably impacted by Heartbleed (CVE-2014-0160), a serious memory handling issue in the implementation of the TLS/DTLS heartbeat extension, enabling attackers to read portions of a target server's memory.
"A critical vulnerability in a software library like OpenSSL, which is so widely in use and so fundamental to the security of data on the internet, is one that no organization can afford to overlook," SentinelOne said.
That said, OpenSSL has warned that the vulnerability may be critical for systems that do not have adequate protections in place, theoretically leading to remote code execution on some architectures and platforms.
"The chance of this vulnerability getting exploited in the wild is low due to the sophistication of this security bug, and the fact that one of the conditions is a malicious certificate signed by a trusted CA," Bharat Jogi, director of vulnerability and threat research at Qualys, said.
"Seeing as most modern systems and platforms implement built-in protections to thwart these kinds of attacks and mitigate against these risks – specifically remote code execution – the level of severity was downgraded."