https://feed.craftedsignal.io/vendors/openssl/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 29 Jan 2024 12:00:00 +0000https://feed.craftedsignal.io/briefs/2024-01-openssl-oob-write/Mon, 29 Jan 2024 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-openssl-oob-write/The rust-openssl package is vulnerable to an out-of-bounds write due to an incorrect bounds assertion in the `aes::unwrap_key()` function, potentially leading to arbitrary code execution if attacker-controlled buffer sizes are permitted.The rust-openssl crate, specifically versions 0.10.24 through 0.10.77, contains a critical vulnerability in the aes::unwrap_key() function. This function is intended to perform AES key wrapping, a process used to securely encrypt cryptographic keys. The vulnerability arises from an inverted bounds check on the output buffer size, where the function incorrectly validates the size of the output buffer against the input buffer size. This flaw allows an attacker to potentially write beyond the allocated memory region, leading to a crash or, in more sophisticated scenarios, arbitrary code execution. Exploitation requires that the vulnerable application utilizes AES keywrap and allows the attacker to control the buffer sizes passed to aes::unwrap_key().

Attack Chain

1. An attacker identifies an application using the vulnerable rust-openssl crate (versions 0.10.24 - 0.10.77) and the aes::unwrap_key() function.
2. The attacker crafts a malicious input with specific sizes for the input and output buffers to trigger the vulnerability.
3. The attacker provides a crafted input buffer (in_) and a smaller-than-required output buffer (out) to the vulnerable aes::unwrap_key() function.
4. The incorrect bounds assertion out.len() + 8 <= in_.len() passes, as the out buffer is intentionally smaller than in_.len() - 8.
5. The aes::unwrap_key() function proceeds with the AES key wrapping process.
6. During the key unwrapping process, the function attempts to write in_.len() - 8 - out.len() bytes beyond the allocated boundary of the out buffer.
7. This out-of-bounds write corrupts adjacent memory regions within the application’s address space.
8. Depending on the overwritten memory, the attacker can potentially achieve arbitrary code execution or cause a denial-of-service condition.

Impact

Successful exploitation of this vulnerability can lead to various adverse consequences, including denial of service, information disclosure, or arbitrary code execution. Applications utilizing AES keywrap and accepting attacker-controlled buffer sizes are at the highest risk. The specific impact depends on the application’s memory layout and the attacker’s ability to control the overwritten memory. Given the widespread use of OpenSSL for cryptographic operations, this vulnerability poses a significant threat to vulnerable applications.

Recommendation

• Upgrade the rust-openssl crate to version 0.10.78 or later to patch the vulnerability as indicated in GHSA-8c75-8mhr-p7r9.
• Audit code using aes::unwrap_key() to ensure input and output buffer sizes are validated correctly to prevent out-of-bounds writes.
• Implement runtime memory protection mechanisms to detect and prevent out-of-bounds writes, mitigating the impact of this and similar vulnerabilities.

]]>highadvisoryopensslaeskeywrapoob-writememory-corruptionhttps://feed.craftedsignal.io/briefs/2024-01-03-rust-openssl-buffer-overflow/Wed, 03 Jan 2024 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-03-rust-openssl-buffer-overflow/The rust-openssl crate is vulnerable to a stack-based buffer overflow (CVE-2026-41681) where the `EVP_DigestFinal()` function writes beyond the allocated buffer, potentially corrupting the stack, affecting versions >= 0.10.39 and < 0.10.78.The rust-openssl crate, a Rust wrapper for the OpenSSL library, is susceptible to a critical vulnerability (CVE-2026-41681) stemming from a buffer overflow within the MdCtxRef::digest_final() function. This flaw arises because EVP_DigestFinal() unconditionally writes EVP_MD_CTX_size(ctx) bytes to the provided output buffer (out), without verifying if the buffer’s allocated size is sufficient. Consequently, if out is smaller than the size dictated by EVP_MD_CTX_size(ctx), a write-out-of-bounds condition occurs, potentially leading to stack corruption. The vulnerability is reachable from safe Rust code, making it a significant concern for applications utilizing the affected versions of the rust-openssl crate. Specifically, versions 0.10.39 up to (but not including) 0.10.78 are affected.

Attack Chain

1. An attacker crafts a Rust application that utilizes the rust-openssl crate.
2. The application initiates a digest operation using EVP_DigestInit() to set up the message digest context.
3. The application feeds data into the digest context using EVP_DigestUpdate().
4. The application calls MdCtxRef::digest_final() via safe Rust.
5. Internally, EVP_DigestFinal() is called without proper bounds checking.
6. EVP_DigestFinal() attempts to write EVP_MD_CTX_size(ctx) bytes to the out buffer.
7. If out is smaller than the expected size, a stack-based buffer overflow occurs as data is written beyond the allocated memory region.
8. This overflow overwrites adjacent memory on the stack, potentially corrupting critical program data or control flow structures, leading to crashes or arbitrary code execution.

Impact

Successful exploitation of this vulnerability allows an attacker to potentially achieve arbitrary code execution within the context of the affected application. This could lead to complete system compromise, data breaches, or denial-of-service conditions. Given that the vulnerability is reachable from safe Rust, applications relying on vulnerable versions of the rust-openssl crate are at risk. The vulnerability can cause stack corruption, leading to unpredictable behavior and potential application crashes.

Recommendation

• Upgrade the rust-openssl crate to version 0.10.78 or later to remediate CVE-2026-41681.
• Implement robust input validation and size checks when using the rust-openssl crate, specifically when handling digest operations, to prevent buffer overflows.

]]>highadvisorybuffer overflowrustopensslvulnerabilityhttps://feed.craftedsignal.io/briefs/2024-01-03-openssl-overflow/Wed, 03 Jan 2024 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-03-openssl-overflow/The rust-openssl crate's `Deriver::derive` and `PkeyCtxRef::derive` functions can cause heap/stack overflows when used with OpenSSL 1.1.x due to insufficient buffer length validation in X25519, X448, DH, and HKDF-extract, affecting rust-openssl versions >= 0.9.27 and < 0.10.78.The rust-openssl crate, specifically the Deriver::derive and PkeyCtxRef::derive functions, is vulnerable to a heap/stack overflow when used in conjunction with OpenSSL version 1.1.x. This occurs because the EVP_PKEY_derive function in OpenSSL 1.1.x fails to properly validate the input buffer length when used with X25519, X448, DH, and HKDF-extract. These key derivation functions unconditionally write the full shared secret (32/56/prime-size bytes) regardless of the buffer size provided by the caller, leading to a buffer overflow if the provided slice is too small. This vulnerability affects rust-openssl versions >= 0.9.27 and < 0.10.78. This vulnerability is mitigated in OpenSSL 3.x because the providers check buffer length.

Attack Chain

1. An attacker crafts a malicious application using the rust-openssl crate.
2. The application uses Deriver::derive or PkeyCtxRef::derive with an X25519, X448, DH, or HKDF-extract key agreement algorithm.
3. The application provides a buffer smaller than the expected output size of the key derivation function (32 bytes for X25519, 56 bytes for X448, prime-size bytes for DH).
4. The EVP_PKEY_derive function in OpenSSL 1.1.x is called without proper buffer length validation.
5. The key derivation function writes the full shared secret to the undersized buffer.
6. A heap or stack buffer overflow occurs, overwriting adjacent memory.
7. The attacker gains control of the application’s execution flow.
8. The attacker executes arbitrary code on the target system.

Impact

Successful exploitation of this vulnerability can lead to arbitrary code execution within the context of the vulnerable application. This could allow an attacker to gain complete control of the affected system. The number of victims depends on the prevalence of vulnerable rust-openssl versions being used with OpenSSL 1.1.x. Sectors that rely on rust-openssl for cryptographic operations are at higher risk.

Recommendation

• Upgrade the rust-openssl crate to version >= 0.10.78 to patch the vulnerability (see Overview).
• If upgrading rust-openssl is not immediately feasible, ensure that OpenSSL is upgraded to version 3.x, where the buffer length is checked (see Overview).
• Implement runtime checks to validate buffer lengths before calling Deriver::derive and PkeyCtxRef::derive when using X25519, X448, DH, or HKDF-extract (see Attack Chain).
• Deploy the Sigma rule provided below to detect potential exploitation attempts (see Rules).

]]>highadvisoryopensslbuffer-overflowrustcryptography