GnuTLS patches memory mismanagement bug – update now!
2022-08-01 16:55

Ideally, the memory allocation software will detect that the block no longer belongs to the part of the program that's "returning" it, will figure out that the offending block has already been recycled, and won't deallocate it a second time, thus sidestepping the risks of "freeing" it again.

Notably, the memory manager might inadvertently and unexpectedly "confiscate" the double-freed block from the code that's now legitimately using it, and reassign it to yet another part of the program, perhaps even malicious code that an attacker has timed carefully to take advantage of the mismanagement.

One part of the program assumes it can trust the memory content implicitly, because it considers itself the legitimate "owner" of the block.

Ironically, the CVE-2022-2509 bug exists in the certificate verification code in GnuTLS. For example, when you visit a website that's secured with TLS, the other end will typically send you a web certificate that asserts that the server really is owned and operated by the organisation you expect.

If the other end doesn't provide a pre-generated certificate chain, thus leaving GnuTLS to create and check the chain on its own, then the GnuTLS code accidentally frees up the memory used to store the supplied certificate before it starts the chain-checking process.
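The ownership rule that this bug breaks, sketched as an added example (not GnuTLS code and not from the original article): the chain works on its own copy of the supplied certificate, and release clears the pointer so repeated cleanup cannot free a block twice. The names cert_t, cert_release, verify_leaf and demo are hypothetical, and the sample bytes are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of certificate ownership; not GnuTLS code. */
typedef struct { unsigned char *der; size_t len; } cert_t;
static int real_frees; /* how many times free() actually ran */

/* Free once and clear the pointer, so releasing the same cert_t again is a
 * no-op. Aliased copies of the pointer would defeat this guard. */
static void cert_release(cert_t *c)
{
    if (c == NULL || c->der == NULL) return;
    free(c->der);
    c->der = NULL;
    c->len = 0;
    real_frees++;
}

/* Verify a lone leaf: the chain gets its own deep copy, so cleanup here can
 * never free memory the caller still owns. Returns 1 if the copy matched. */
static int verify_leaf(const cert_t *leaf)
{
    cert_t chain = { malloc(leaf->len), leaf->len };
    if (chain.der == NULL)
        return -1;
    memcpy(chain.der, leaf->der, leaf->len);
    /* Stand-in for real chain validation (assumption of this example). */
    int ok = memcmp(chain.der, leaf->der, leaf->len) == 0;
    cert_release(&chain);
    cert_release(&chain); /* repeated cleanup, as on an error path: absorbed */
    return ok;
}

/* Runs one verify cycle on constructed bytes; returns the count of real frees,
 * or -1 if verification failed or the caller's leaf was disturbed. */
static int demo(void)
{
    static const unsigned char sample[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
    cert_t leaf = { malloc(sizeof sample), sizeof sample };
    if (leaf.der == NULL)
        return -1;
    memcpy(leaf.der, sample, sizeof sample);
    real_frees = 0;
    int ok = verify_leaf(&leaf);
    int intact = leaf.der != NULL && memcmp(leaf.der, sample, sizeof sample) == 0;
    cert_release(&leaf);
    cert_release(&leaf); /* second release of the caller's leaf: also absorbed */
    return (ok == 1 && intact) ? real_frees : -1;
}
int main(void) { return demo() == 2 ? 0 : 1; }
```

Building with a memory checker such as AddressSanitizer (`-fsanitize=address`) will flag a double free if the copy or the pointer-clearing step is removed.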

Usually, or at least often, crashes cause such wayward behaviour that the operating system detects the offending program has lost control of the flow of program execution - for example, if the program leaps off to a random memory address and tries to run code from a memory block that hasn't been allocated at all.


News URL

https://nakedsecurity.sophos.com/2022/08/01/gnutls-patches-memory-mismanagement-bug-update-now/

Related Vulnerability

DATE: 2022-08-01
CVE: CVE-2022-2509
VULNERABILITY TITLE: Double Free vulnerability in multiple products
A vulnerability found in gnutls. (network, low complexity; gnu, redhat, fedoraproject, debian; CWE-415)
RISK: 7.5