On 1 November 2022, the OpenSSL project released OpenSSL version 3.0.7 to address two high-severity security issues. We recommend updating the affected product to the latest version immediately and following the mitigation steps below.
On 1 November 2022, the OpenSSL project released a security update to address two high-severity flaws in OpenSSL, an open-source toolkit that implements the TLS (Transport Layer Security) protocol, its predecessor SSL (Secure Sockets Layer), and the cryptographic algorithms they rely on.
The two flaws, tracked as CVE-2022-3602 and CVE-2022-3786, are buffer overflows in the Punycode decoding code used to handle internationalised domain names. That code was introduced in OpenSSL 3.0.0 and is only reached when X.509 name constraints are checked against an email address in a certificate. Any OpenSSL 3.x application that verifies X.509 certificates received from untrusted sources is therefore exposed: TLS clients, which verify the server's certificate, and TLS servers configured to request client certificate authentication, which verify the client's.
The issue affects OpenSSL 3.0.0 through 3.0.6. OpenSSL 1.0.2, 1.1.1 and earlier versions are not affected, because they predate the vulnerable code. OpenSSL 1.1.1 is still supported; version 1.1.1s, also released on 1 November 2022, is described as a bug-fix release with no security fixes.
The first vulnerability, tracked as CVE-2022-3602, is a stack buffer overflow triggered during name constraint checking in X.509 certificate verification: a crafted email address in a certificate can overflow four attacker-controlled bytes on the stack. The vulnerable code runs only after the certificate chain signatures have been checked, so exploitation requires either a Certificate Authority (CA) to have signed the malicious certificate or an application that continues certificate verification despite failing to build a path to a trusted issuer. In a pre-release announcement, OpenSSL assessed CVE-2022-3602 as Critical. In its 1 November 2022 advisory, OpenSSL downgraded the flaw to High severity because of mitigating factors: the project assessed that the stack overflow protections and stack layout on most common architectures and platforms mitigate the remote code execution (RCE) vector. In most cases the overflow results in a crash, causing a denial-of-service (DoS) condition.
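To make the bug class concrete, the following is an added example written for this page, not OpenSSL's code: a simplified RFC 3492 Punycode decoder whose pre-insertion bounds check can be switched between the correct form (`written >= max_out`) and the off-by-one form (`written > max_out`) that let CVE-2022-3602 write one code point, four bytes, past the output buffer. The sample label, the undersized buffer and the canary slot are constructed for the demonstration, and the integer-overflow checks a production decoder needs are omitted.

```c
#include <stdio.h>
#include <string.h>

/* RFC 3492 Punycode parameters. */
enum { BASE = 36, TMIN = 1, TMAX = 26, SKEW = 38, DAMP = 700,
       INITIAL_BIAS = 72, INITIAL_N = 128 };
/* Bias adaptation, RFC 3492 section 6.1. */
static unsigned adapt(unsigned delta, unsigned numpoints, int firsttime)
{
    unsigned k = 0;
    delta = firsttime ? delta / DAMP : delta / 2;
    delta += delta / numpoints;
    for (; delta > ((BASE - TMIN) * TMAX) / 2; k += BASE)
        delta /= BASE - TMIN;
    return k + (BASE - TMIN + 1) * delta / (delta + SKEW);
}

/* Map a Punycode digit character to its value, or -1 if invalid. */
static int decode_digit(int c)
{
    if (c >= '0' && c <= '9') return c - '0' + 26;
    if (c >= 'A' && c <= 'Z') return c - 'A';
    return (c >= 'a' && c <= 'z') ? c - 'a' : -1;
}
/* Decode enc[0..enc_len) into out[] (capacity max_out code points): 1 on success
 * with the length in *out_len, 0 if malformed or too long. strict_bound picks the
 * check before each insertion: 1 = correct "written >= max_out"; 0 = off-by-one
 * "written > max_out", letting one element (4 bytes) be written past out[], the
 * CVE-2022-3602 pattern. Integer-overflow checks are omitted for brevity. */
int punycode_decode(const char *enc, size_t enc_len, unsigned int *out,
                    size_t max_out, size_t *out_len, int strict_bound)
{
    size_t written = 0, i = 0, in = 0, dash = 0, j;
    unsigned n = INITIAL_N, bias = INITIAL_BIAS, w, k, t;
    int has_dash = 0, digit;
    /* Everything before the last '-' is ASCII and is copied verbatim. */
    for (j = 0; j < enc_len; j++)
        if (enc[j] == '-') { dash = j; has_dash = 1; }
    for (j = 0; has_dash && j < dash; j++) {
        if ((unsigned char)enc[j] >= 0x80 || written >= max_out)
            return 0;
        out[written++] = (unsigned char)enc[j];
    }
    if (has_dash) in = dash + 1;
    /* Each remaining digit group encodes one (delta, code point) insertion. */
    while (in < enc_len) {
        size_t oldi = i;
        for (w = 1, k = BASE; ; k += BASE) {
            if (in >= enc_len || (digit = decode_digit(enc[in++])) < 0)
                return 0;
            i += (size_t)digit * w;
            t = k <= bias ? TMIN : (k >= bias + TMAX ? TMAX : k - bias);
            if ((unsigned)digit < t)
                break;
            w *= BASE - t;
        }
        bias = adapt((unsigned)(i - oldi), (unsigned)(written + 1), oldi == 0);
        n += (unsigned)(i / (written + 1));
        i %= written + 1;
        /* The check that matters: written == max_out must be rejected here. */
        if (strict_bound ? written >= max_out : written > max_out)
            return 0;
        memmove(out + i + 1, out + i, (written - i) * sizeof *out);
        out[i++] = n;
        written++;
    }
    *out_len = written;
    return 1;
}

#define SAMPLE    "bcher-kva"   /* constructed: A-label xn--bcher-kva = "bücher", 6 code points */
#define SMALL_OUT 5             /* deliberately one slot too small */
#define CANARY    0xCAFEBABEu

/* Decode SAMPLE into a 5-slot buffer followed by a canary slot: -1 if the decoder
 * refused, else the canary afterwards (the buggy check lets the shifted 'r' land in it). */
long long demo_small_buffer(int strict_bound)
{
    unsigned int buf[SMALL_OUT + 1] = {0}; size_t len = 0;
    buf[SMALL_OUT] = CANARY;
    if (!punycode_decode(SAMPLE, strlen(SAMPLE), buf, SMALL_OUT, &len, strict_bound))
        return -1;
    return buf[SMALL_OUT];
}

/* Sanity check of the decoder with a buffer that is large enough. */
int demo_decodes_correctly(void)
{
    static const unsigned int expect[6] = { 'b', 0xFC, 'c', 'h', 'e', 'r' };
    unsigned int buf[8]; size_t len = 0;
    return punycode_decode(SAMPLE, strlen(SAMPLE), buf, 8, &len, 1)
        && len == 6 && memcmp(buf, expect, sizeof expect) == 0;
}

int main(void)
{
    printf("correct decode: %d, fixed check: %lld, buggy check: %lld\n",
           demo_decodes_correctly(), demo_small_buffer(1), demo_small_buffer(0));
    return 0;
}
```

With the correct check the decoder refuses the sixth code point and the canary survives; with the off-by-one check it reports success, the `memmove` that makes room for the inserted "ü" shifts the trailing 'r' into the slot past the buffer, and a real caller would have an attacker-influenced value one element beyond its stack array. The canary slot exists only so the demonstration stays within defined behaviour.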
The second flaw, CVE-2022-3786, is also rated High severity. A threat actor can craft a malicious email address in a certificate to overflow an arbitrary number of bytes on the stack, but only with the '.' character (decimal 46), so the realistic outcome is a crash causing a DoS condition rather than code execution.
At the time of writing, no functional exploit has been published and there is no evidence of abuse by threat actors.
Multiple vendors have reported being affected and are either working on updates or have already released them. The list of affected vendors is continually updated; we recommend monitoring for and applying the updates as they become available.
We strongly advise following OpenSSL's guidance and updating affected products to OpenSSL 3.0.7 or later immediately. Where patching is delayed, OpenSSL's advisory notes that operators of TLS servers may consider disabling TLS client authentication, if it is in use, until the fix is applied, since that removes the untrusted-certificate path on the server side.
We recommend reviewing guidance and applying updates for relevant operating systems, software and hardware vendors, and service providers as they become available.