{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/keywrap/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["openssl"],"_cs_severities":["high"],"_cs_tags":["openssl","aes","keywrap","oob-write","memory-corruption"],"_cs_type":"advisory","_cs_vendors":["OpenSSL"],"content_html":"\u003cp\u003eThe rust-openssl crate, specifically versions 0.10.24 through 0.10.77, contains a critical vulnerability in the \u003ccode\u003eaes::unwrap_key()\u003c/code\u003e function. This function is intended to perform AES key wrapping, a process used to securely encrypt cryptographic keys. The vulnerability arises from an inverted bounds check on the output buffer size, where the function incorrectly validates the size of the output buffer against the input buffer size. This flaw allows an attacker to potentially write beyond the allocated memory region, leading to a crash or, in more sophisticated scenarios, arbitrary code execution. Exploitation requires that the vulnerable application utilizes AES keywrap and allows the attacker to control the buffer sizes passed to \u003ccode\u003eaes::unwrap_key()\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies an application using the vulnerable rust-openssl crate (versions 0.10.24 - 0.10.77) and the \u003ccode\u003eaes::unwrap_key()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious input with specific sizes for the input and output buffers to trigger the vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker provides a crafted input buffer (\u003ccode\u003ein_\u003c/code\u003e) and a smaller-than-required output buffer (\u003ccode\u003eout\u003c/code\u003e) to the vulnerable \u003ccode\u003eaes::unwrap_key()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe incorrect bounds assertion \u003ccode\u003eout.len() + 8 \u0026lt;= in_.len()\u003c/code\u003e passes, as the \u003ccode\u003eout\u003c/code\u003e buffer is intentionally smaller than \u003ccode\u003ein_.len() - 8\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eaes::unwrap_key()\u003c/code\u003e function proceeds with the AES key wrapping process.\u003c/li\u003e\n\u003cli\u003eDuring the key unwrapping process, the function attempts to write \u003ccode\u003ein_.len() - 8 - out.len()\u003c/code\u003e bytes beyond the allocated boundary of the \u003ccode\u003eout\u003c/code\u003e buffer.\u003c/li\u003e\n\u003cli\u003eThis out-of-bounds write corrupts adjacent memory regions within the application\u0026rsquo;s address space.\u003c/li\u003e\n\u003cli\u003eDepending on the overwritten memory, the attacker can potentially achieve arbitrary code execution or cause a denial-of-service condition.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to various adverse consequences, including denial of service, information disclosure, or arbitrary code execution. Applications utilizing AES keywrap and accepting attacker-controlled buffer sizes are at the highest risk. The specific impact depends on the application\u0026rsquo;s memory layout and the attacker\u0026rsquo;s ability to control the overwritten memory. Given the widespread use of OpenSSL for cryptographic operations, this vulnerability poses a significant threat to vulnerable applications.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003erust-openssl\u003c/code\u003e crate to version 0.10.78 or later to patch the vulnerability as indicated in \u003ca href=\"https://github.com/advisories/GHSA-8c75-8mhr-p7r9\"\u003eGHSA-8c75-8mhr-p7r9\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAudit code using \u003ccode\u003eaes::unwrap_key()\u003c/code\u003e to ensure input and output buffer sizes are validated correctly to prevent out-of-bounds writes.\u003c/li\u003e\n\u003cli\u003eImplement runtime memory protection mechanisms to detect and prevent out-of-bounds writes, mitigating the impact of this and similar vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-29T12:00:00Z","date_published":"2024-01-29T12:00:00Z","id":"/briefs/2024-01-openssl-oob-write/","summary":"The rust-openssl package is vulnerable to an out-of-bounds write due to an incorrect bounds assertion in the `aes::unwrap_key()` function, potentially leading to arbitrary code execution if attacker-controlled buffer sizes are permitted.","title":"rust-openssl AES Key Wrap Out-of-Bounds Write Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-openssl-oob-write/"}],"language":"en","title":"CraftedSignal Threat Feed — Keywrap","version":"https://jsonfeed.org/version/1.1"}