Securing Your Network from the SSL/TLS MITM Vulnerability (AKA CCS Injection Vulnerability) Announcement

On June 5, 2014, the OpenSSL Development Team issued an OpenSSL Security Advisory identifying seven vulnerabilities. Of these seven vulnerabilities, one is of particular importance: "SSL/TLS MITM vulnerability". The SSL/TLS MITM vulnerability does not affect your certificate private keys, meaning you do not need to re-key or re-issue your certificates; rather, it affects an individual session.

An attacker can use this vulnerability to force a handshake (connection) to use weak keying material in OpenSSL SSL/TLS clients and servers. Once this handshake is made, an attacker can use a Man-in-the-middle (MITM) attack to weaken the SSL encryption to decrypt traffic (communications) between the attacked client and server. For this attack to work, both the Server and Client must be running affected versions of OpenSSL. The versions of OpenSSL that are affected are as follows: For Servers: versions 1.0.1 and 1.0. Note that clients using Internet Explorer, Firefox, Safari, and Chrome (desktop and iOS) are not affected.

Synopsis

The remote service is affected by a vulnerability.

Description

The version of OpenSSL installed on the remote host is prior to 1.1.1l. It is, therefore, affected by a vulnerability as referenced in the 1.1.1l advisory.

- In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker-chosen data to overflow the buffer by up to a maximum of 62 bytes, altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. (CVE-2021-3711)

- ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings, which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own d2i functions (and other similar parsing functions), as well as any string whose value has been set with the ASN1_STRING_set() function, will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the data and length fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function.
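As an added example, not code from the Nessus plugin or from OpenSSL: a constructed stand-in for the data/length pair described above, showing why an ASN1_STRING whose byte array has no NUL terminator must be handled by its length field rather than with C string functions, beside a copy routine that does so safely. The struct, the sample bytes and the function names are assumptions for illustration, not OpenSSL's definitions.

```c
/* Added example (not OpenSSL code). str_t is a constructed stand-in for
 * the data/length pair the advisory describes, not OpenSSL's ASN1_STRING. */
#include <stdlib.h>
#include <string.h>

typedef struct {
    int length;
    unsigned char *data;   /* not guaranteed to be NUL terminated */
} str_t;

/* Unsafe: strlen() keeps reading past data[length] until it finds a 0. */
size_t unsafe_cstr_length(const str_t *s) {
    return strlen((const char *)s->data);
}

/* Safe: copy exactly `length` bytes and add our own terminator. Returns
 * NULL on a negative length, an embedded NUL (which would silently
 * truncate the value later) or allocation failure. */
char *safe_to_cstr(const str_t *s) {
    if (s->length < 0 || s->data == NULL)
        return NULL;
    size_t n = (size_t)s->length;
    if (memchr(s->data, 0, n) != NULL)
        return NULL;
    char *out = malloc(n + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, s->data, n);
    out[n] = '\0';
    return out;
}

/* Helper for checking results: 1 if the safe copy equals `expected`. */
int safe_copy_matches(const str_t *s, const char *expected) {
    char *p = safe_to_cstr(s);
    int ok = (p != NULL && strcmp(p, expected) == 0);
    free(p);
    return ok;
}

/* Constructed samples: "abc" sits directly in front of unrelated bytes
 * "XYZ" with no NUL of its own (as with a string set via
 * ASN1_STRING_set0() over an exact-size buffer); the second embeds a NUL. */
static unsigned char g_buf[] = { 'a', 'b', 'c', 'X', 'Y', 'Z', 0 };
static const str_t g_sample = { 3, g_buf };
static unsigned char g_nul_buf[] = { 'a', 0, 'b' };
static const str_t g_with_nul = { 3, g_nul_buf };

/* Bytes strlen() reads beyond the real length: > 0 means an over-read. */
size_t demo_overread(void) {
    return unsafe_cstr_length(&g_sample) - (size_t)g_sample.length;
}
```

Here the over-read stays inside a buffer we control; against a heap allocation of exactly `length` bytes the same strlen() walks into whatever follows it.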