Security News > 2022 > March > OpenSSL patches crash-me bug triggered by rogue certs

A bug in OpenSSL certificate parsing leaves systems open to denial-of-service attacks from anyone wielding an explicit curve.

The vulnerability stems from a bug in the BN mod sqrt() function, which the OpenSSL team said is used to parse certificates that "Contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form." As it turns out, all you need to do to trigger an infinite loop in BN mod sqrt() is hand an OpenSSL-based application or service a certificate with invalid explicit curve parameters.

Slip a bad certificate to any app or server using BN mod sqrt() to parse certs, and the software will get caught in the loop and stop working.

Possibly exploitable situations include TLS clients consuming server certificates, hosting providers accepting keys from customers, certificate authorities parsing cert requests from subscribers, or "Anything else which parses ASN.1 elliptic curve parameters."

"The most common scenario where this would be a problem would be for a TLS client accessing a malicious server that serves up a problematic certificate. TLS servers may be affected if they are using client authentication and a malicious client attempts to connect to it," said Matt Caswell, a developer at the OpenSSL Software Foundation.

If you aren't one of those, you're still in luck: the exploit is harder to trigger in OpenSSL 1.0.2 because the public key isn't parsed during the initial certificate processing.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/15/openssl_bug_dos/