Security News > 2022 > March > OpenSSL patches infinite-loop DoS bug in certificate verification

OpenSSL patches infinite-loop DoS bug in certificate verification
2022-03-18 19:59

Amusingly, if we're allowed to say that, the bug only gets triggered if a program decides to do the right thing when making or accepting a secure connection, and verifies the cryptographic certificate supplied by the other end.

The OpenSSL implementation of the Tonelli-Shanks algorithm had a bug problem that was unlikely to show up in normal use, but could be triggered on purpose by feeding in data that would force the code to misbehave.

With a maximum number of iterations set so that the loop won't run forever if there's no answer in this case.

The problem is that the loop termination only checks whether the ever-increasing loop counter has exactly hit the maximum number of loops allowed.

If the above code ever gets invoked when maxloops is set to 0 or 1, implying that the loop should never run at all, then the test if i == maxloops will never become true, because i will be greater than maxloops on the first time round, and will keep on getting bigger and bigger than maxloops for ever more.

On the other hand, if the "Solution found" result t == 1 happens before the loop expires, and the loop exits early, the code will know a result was found and the error will not be triggered.


News URL

https://nakedsecurity.sophos.com/2022/03/18/openssl-patches-infinite-loop-dos-bug-in-certificate-verification/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Openssl 1 7 48 51 13 119