The maintainers of OpenSSL have dispatched patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates.
Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue stems from parsing a malformed certificate with invalid explicit elliptic-curve parameters, resulting in an “infinite loop.” The flaw resides in a function called BN_mod_sqrt() used to compute the modular square root.
“Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial-of-service attack,” OpenSSL said in an advisory publicized on March 15, 2022.
“The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic-curve parameters.”
While there was no evidence that vulnerability has been exploited in the wild, there were a few scenarios, including when TLS clients (or servers) access a rogue certificate from a malicious server (or client) or when certificate authorities parse certification requests from subscribers.
The vulnerability impacts OpenSSL versions 1.0.2, 1.1.1, and 3.0. The project owners have addressed the flaw by releasing versions 1.0.2zd (for premium support customers), 1.1.1n, and 3.0.2. OpenSSL 1.1.0, while also affected, will not receive a fix as it has reached end-of-life.
Google Project Zero security researcher Tavis Ormandy has reported the flaw on February 24, 2022. David Benjamin from Google and Tomáš Mráz from OpenSSL developed the fix.
CVE-2022-0778 is also the second OpenSSL vulnerability resolved since the start of the year. On January 28, 2022, the maintainers fixed a moderate-severity flaw (CVE-2021-4160, CVSS score: 5.9) affecting the library’s MIPS32 and MIPS64 squaring procedure.
