Did you have this on your Infosec bingo card? Maliciously crafted SSL certificates are able to consume 100% CPU resources and thereby, create a DoS scenario! And the best part? Servers can DoS clients, the same as clients can DoS servers!
What is CVE-2022-0778?
CVE-2022-0778 is a vulnerability within the BN_mod_sqrt() function implemented within the OpenSSL toolkit. This function is used when working with elliptic curves in compressed formats, it is possible to, with certain variables, provide non-prime numbers that trigger an inescapable “while loop” scenario. In this scenario, endless CPU resources are consumed, attempting to solve an equation that will never reach the exit criteria required to break the loop.
As the OpenSSL toolkit is one of the most widely used implementations of SSL available, this has a wide radius of impact, so be sure to reach out to your vendors to check if they utilise OpenSSL and which versions include mitigations where applicable. This advice is especially important for any devices accessible via public or untrusted networks such as internet accessible services.
Which OpenSSL versions are impacted?
OpenSSL 1.0.2, 1.1.1 and 3.0.0/3.0.1 branches are affected.
The fixes are now available for these branches, with versions 1.0.2zd, 1.1.1n and 3.0.2 respectively. The fix mitigates this endless loop vulnerability I discussed earlier, by migrating to a for loop that can catch the relevant conditions, creating an escapable loop.
Does this need to be a valid certificate?
No, and this is probably the most dangerous part! A certificate has to be parsed before it can be validated, and this particular vulnerability is triggered during the parsing process.
As always, NIST have a great overview of the vulnerability, and which vendors have notified NIST of their own documentation detailing impact/mitigation. NIST documentation available here.
Additionally, I’d like to highlight Sophos’ analysis of this vulnerability, the level of detail provided is phenomenal and includes proof of concept links for your own investigations if interested. It’s quite technical at parts, but well worth the read if that’s your area of interest, read it here.