OpenSSL subject to remote memory corruption

Researcher discovery sparks vulnerability controversy.

A security researcher has sparked controversy in the OpenSSL community, claiming he has found a security vulnerability in a version released last week.

Guido Vranken blogged that OpenSSL 3.0.4, which shipped on June 21, has a memory corruption he claims “can be trivially triggered by an attacker”.

That version of OpenSSL was released to address CVE-2022-1292, a moderate-rated vulnerability related to input sanitisation; the release was needed because a previous fix didn't work.

According to Vranken, the bug he reported only affects systems using processors that support AVX512 (Intel’s Advanced Vector Extensions 512), and it doesn’t affect the OpenSSL 1.1.1 branch, BoringSSL or LibreSSL.

In an overwhelmingly technical post describing how he found the potential memory corruption, Vranken wrote: “If RCE exploitation is possible this makes it worse than Heartbleed in an isolated severity assessment, though the potential blast radius is limited by the fact that many people are still using the 1.1.1 tree rather than 3, libssl has forked into LibreSSL and BoringSSL, the vulnerability has only existed for a week (HB existed for years) and an AVX512-capable CPU is required.”

There is, however, doubt about whether it’s a vulnerability or a mere crash.

As OpenSSL Foundation developer Tomáš Mráz commented on GitHub: “I do not think this is a security vulnerability. It is just a serious bug making 3.0.4 release unusable on AVX512 capable machines.”

Developer Alex Gaynor responded: “I'm not sure I understand how it's not a security vulnerability. It's a heap buffer overflow that's triggerable by things like RSA signatures, which can easily happen in remote contexts (e.g. a TLS handshake).”

While a fix is available via GitHub and is promised in OpenSSL 3.0.5, a date hasn’t yet been put on that release.
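The conditions reported above (OpenSSL 3.0.4 running on an AVX512-capable processor) can be checked per host. The script below is an added example, not code from the article, Vranken or the OpenSSL project; its function names are hypothetical, it assumes a Linux host that lists CPU features in /proc/cpuinfo, and the sample input is constructed.

```shell
#!/bin/sh
# Added triage example (not from the article or the OpenSSL project).
# Assumption: Linux, where CPU features are listed in /proc/cpuinfo.

# Print "<name> <version>" of the loaded library from `openssl version` text.
# OpenSSL 3.x appends "(Library: ...)"; prefer it, since the library and not
# the CLI binary is what runs the affected code.
library_version() {
    case $1 in
        *"(Library: "*) v=${1#*"(Library: "}; v=${v%")"*} ;;
        *) v=$1 ;;
    esac
    printf '%s\n' "$v" | awk '{print $1, $2}'
}

# Succeed if any avx512* feature flag appears in the cpuinfo text.
has_avx512() {
    printf '%s\n' "$1" | grep -E '^flags[[:space:]]*:' | grep -Eq '[[:space:]]avx512'
}

# classify VERSION_TEXT CPUINFO_TEXT -> affected | upgrade | other-version
classify() {
    if [ "$(library_version "$1")" != "OpenSSL 3.0.4" ]; then
        echo "other-version"   # not the 3.0.4 release the report covers
    elif has_avx512 "$2"; then
        echo "affected"        # 3.0.4 on an AVX512-capable CPU
    else
        echo "upgrade"         # 3.0.4, but no AVX512 flag on this CPU
    fi
}

# Classify the machine the script runs on.
check_host() {
    ver=$(openssl version 2>/dev/null) || ver="none"
    cpu=$(cat /proc/cpuinfo 2>/dev/null) || cpu=""
    classify "$ver" "$cpu"
}

if [ "${1:-}" = "--host" ]; then
    check_host
else
    # Constructed sample input, not captured from a real machine.
    classify "OpenSSL 3.0.4 21 Jun 2022 (Library: OpenSSL 3.0.4 21 Jun 2022)" \
             "flags : fpu sse2 avx2 avx512f avx512ifma"
fi
```

This only sees the library the `openssl` command loads; applications that bundle or statically link their own OpenSSL copy need to be checked separately.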

Copyright © iTnews.com.au . All rights reserved.