OpenSSL CVE-2016-2108 Buffer Overflow Vulnerability

Description

Severity: High

This issue affected versions of OpenSSL prior to April 2015. The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time.

In previous versions of OpenSSL, ASN.1 encoding the value zero represented as a negative integer can cause a buffer underflow with an out-of-bounds write in i2c_ASN1_INTEGER. The ASN.1 parser does not normally create "negative zeroes" when parsing ASN.1 input, and therefore an attacker cannot trigger this bug.

However, a second, independent bug revealed that the ASN.1 parser can misinterpret a large universal tag as a negative zero value. Large universal tags are not present in any common ASN.1 structures (such as X509) but are accepted as part of ANY structures.

Therefore, if an application deserializes untrusted ASN.1 structures containing an ANY field, and later reserializes them, an attacker may be able to trigger an out-of-bounds write. This has been shown to cause memory corruption that is potentially exploitable with some malloc implementations.

Applications that parse and re-encode X509 certificates are known to be vulnerable. Applications that verify RSA signatures on X509 certificates may also be vulnerable; however, only certificates with valid signatures trigger ASN.1 re-encoding and hence the bug. Specifically, since OpenSSL's default TLS X509 chain verification code verifies the certificate chain from root to leaf, TLS handshakes could only be targeted with valid certificates issued by trusted Certification Authorities.

OpenSSL 1.0.2 users should upgrade to 1.0.2c
OpenSSL 1.0.1 users should upgrade to 1.0.1o

This vulnerability is a combination of two bugs, neither of which individually has security impact. The first bug (mishandling of negative zero integers) was reported to OpenSSL by Huzaifa Sidhpurwala. The second issue (mishandling of large universal tags) was found using libFuzzer, and reported on the public issue tracker on March 1st 2016. The fact that these two issues combined present a security vulnerability was reported by David Benjamin (Google) on March 31st 2016. The fixes were developed by Steve Henson of the OpenSSL development team, and David Benjamin. The OpenSSL team would also like to thank Mark Brand and Ian Beer from the Google Project Zero team for their careful analysis of the impact.

The fix for the "negative zero" memory corruption bug can be identified by commits
3661bb4e7934668bd99ca777ea8b30eedfafa871 (1.0.2)
and
32d3b0f52f77ce86d53f38685336668d47c5bdfe (1.0.1)
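The encoder defect the advisory describes, as an added example that is not OpenSSL's code: a simplified model of the unchecked trailing-zero loop in the negative branch of i2c_ASN1_INTEGER, a probe that makes the negative-zero underflow observable inside guard bytes, and a hardened encoder that canonicalises negative zero, checks the output size and bounds the loop. The asn1_int struct, the function names, the 0xAA guard pattern and the assumption that the magnitude carries no leading zero bytes are constructed for this example; the hardening shown is illustrative and is not the exact change in the upstream commits.

```c
#include <stddef.h>
#include <string.h>
/* Constructed stand-in for ASN1_INTEGER: |data| is the big-endian magnitude with
 * no leading zeros (as OpenSSL's parser stores it), |neg| the V_ASN1_NEG sign bit. */
typedef struct { const unsigned char *data; int length; int neg; } asn1_int;
/* Negative branch modelled on pre-fix i2c_ASN1_INTEGER: the trailing-zero skip loop
 * never checks bytes remain, so "-0" (neg=1, data={0x00}) walks off the front of both buffers. */
static void encode_neg_unchecked(const asn1_int *a, unsigned char *out)
{
    const unsigned char *n = a->data + a->length - 1;
    unsigned char *p = out + a->length - 1;
    int i = a->length;
    while (!*n) { *(p--) = 0; n--; i--; }                  /* BUG: unbounded */
    *(p--) = (unsigned char)((*(n--) ^ 0xff) + 1);
    for (; i > 0; i--) *(p--) = *(n--) ^ 0xff;
}
/* Probe: buffers sit inside 0xAA guard bytes so the underflow is observable, not UB;
 * returns how many guard bytes before the output got clobbered (0 = no underflow). */
int negative_zero_underflow_bytes(void)
{
    unsigned char src[8], dst[8]; int k, clobbered = 0;
    memset(src, 0xAA, sizeof src); memset(dst, 0xAA, sizeof dst);
    src[4] = 0x00;                                          /* magnitude of "-0" */
    asn1_int nz = { src + 4, 1, 1 };
    encode_neg_unchecked(&nz, dst + 4);
    for (k = 0; k < 4; k++) clobbered += (dst[k] != 0xAA);
    return clobbered;
}
/* Hardened encoder (added here, not OpenSSL's): a zero magnitude is canonicalised
 * to 0x00 whatever the sign, the output size is checked, and the zero-skipping loop
 * is bounded. Returns the DER content length, or -1 on bad input / small buffer. */
int encode_int_hardened(const asn1_int *a, unsigned char *out, size_t outlen)
{
    int i, pad = 0, ret; unsigned char pb = 0, *p; const unsigned char *n;
    if (a->length < 0 || (a->length > 0 && !a->data)) return -1;
    for (i = 0; i < a->length && a->data[i] == 0; i++) {}
    if (i == a->length) { if (outlen < 1) return -1; out[0] = 0; return 1; }
    if (!a->neg && a->data[0] > 127) { pad = 1; pb = 0x00; }
    else if (a->neg && a->data[0] > 128) { pad = 1; pb = 0xFF; }
    else if (a->neg && a->data[0] == 128)                   /* -0x80, -0x8000.. need no pad */
        for (i = 1; i < a->length; i++) if (a->data[i]) { pad = 1; pb = 0xFF; break; }
    ret = a->length + pad;
    if ((size_t)ret > outlen) return -1;
    if (pad) *out++ = pb;
    if (!a->neg) { memcpy(out, a->data, (size_t)a->length); return ret; }
    n = a->data + a->length - 1; p = out + a->length - 1;
    for (i = a->length; i > 1 && !*n; i--) { *p-- = 0; n--; }   /* bounded */
    *p-- = (unsigned char)((*n-- ^ 0xff) + 1);
    for (i--; i > 0; i--) *p-- = *n-- ^ 0xff;
    return ret;
}
```

The probe returns 1 because the unchecked loop reads one byte in front of the magnitude and then writes one byte in front of the output; the hardened encoder emits the single byte 0x00 for the same input.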

Affected Applications

OpenSSL

CVE References

CVE-2016-2108