OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
It is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites. So far no successful exploitation this vulnerability has been observed or reported publicly. However, it’s severity is considered to be high.
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the “signature_algorithms_cert” TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service (DOS) attack. So far no active exploitation has been observed publicly.
TECHNICAL EXPLANATION OF THE VULNERABILITY
In the tls1_check_sig_alg() helper function, OpenSSL loop through the list of “signature_algorithms_cert” values received from the client and attempt to look up each one in turn in their internal table that maps wire code-point to string-form name, digest and/or signature NID, etc., in order to compare the signature scheme from the peer’s list against what is used to sign the certificates in the certificate chain we’re checking. When the peer sends a value that OpenSSL don’t support, the lookup returns NULL, but it unconditionally de-reference the lookup result for the comparison, leading to an application crash triggerable by an unauthenticated client. Since it will not be able to say anything about algorithms it don’t recognize, treat NULL return from lookup as “does not match”.
It currently only apply the “signature_algorithm_cert” checks on TLS 1.3 connections, so previous TLS versions are unaffected. SSL_check_chain() is not called directly from libssl, but may be used by the application inside a callback (e.g., client_hello or cert callback) to verify that a candidate certificate chain will be acceptable to the client.
VULNERABLE OpenSSL VERSIONS
NOTE: This issue did not affect OpenSSL versions prior to 1.1.1d.
IMPACT / RISK
- Successful exploitation of this vulnerability may result in DOS condition
- Successful exploitation may cause the disruption of our services which can lead to several other risks and threats.
- It does not have any impact on confidentiality and Integrity, but have severe impact on availability.
Only solution is upgrade to the latest patched version 1.1.1g.
Link to official advisory by OpenSSL: https://www.openssl.org/news/secadv/20200421.txt
Stay tuned for more cyber stuff!!