Summary
OpenSSL released a new version, 3.0.7, on 1 November 2022.
OpenSSL 3.0.7 remediates two high-severity vulnerabilities, CVE-2022-3602 and CVE-2022-3786. It appears that CVE-2022-3602 can be used to achieve remote code execution. No exploit code is publicly known at this time, and the vulnerabilities have not been seen exploited in the wild.
Risk: High
Likelihood of exploitation: Unknown at this time.
Exploit PoC: No working exploits are known.
Exploitation in wild: No known exploitation in the wild has been identified.
Description
The 3.0.7 release from OpenSSL remediates two vulnerabilities, identified as CVE-2022-3602 and CVE-2022-3786. Each is summarized below; full details are in the OpenSSL Security Advisory (01 November 2022).
CVE-2022-3602, X.509 Email Address 4-byte Buffer Overflow, is a buffer overflow vulnerability which can be triggered in X.509 certificate verification. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution (RCE).
CVE-2022-3786, X.509 Email Address Variable Length Buffer Overflow, is a buffer overflow vulnerability which can be triggered in X.509 certificate verification. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the '.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service).
Detection
To determine whether a system is vulnerable, check for OpenSSL both as a package installed on the system and as a copy bundled with an application. Searching the filesystem for OpenSSL binaries and libraries helps establish whether the system and/or an application is affected. In some cases you will need to contact the upstream vendor that controls the software version shipped in their product.
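One way to perform that filesystem check, as an added example that is not part of the original advisory: a POSIX shell script that classifies a version string against the affected range (3.0.0 through 3.0.6, per the Remediation section below) and scans the given directories for openssl binaries and libssl/libcrypto shared objects, reading the "OpenSSL x.y.z" build string embedded in each file. The function names are the example's own, and grep -a/-o are GNU extensions (busybox grep supports them too).

```shell
#!/bin/sh
# Added example (not from the original advisory): classify an OpenSSL version string
# against the affected range 3.0.0 through 3.0.6, then locate OpenSSL binaries and
# libssl/libcrypto shared objects on disk and report which ones are affected.

# Returns 0 (true) when the version string is 3.0.0 through 3.0.6, 1 otherwise.
# Tolerates distro suffixes such as "3.0.2-0ubuntu1.6" and 1.1.x letters such as "1.1.1q".
is_affected_openssl() {
    core=$(printf '%s' "$1" | sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$core" ] || return 1
    major=${core%%.*}; rest=${core#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -le 6 ]
}

# Version of an openssl command-line binary: "OpenSSL 3.0.2 15 Mar 2022" -> "3.0.2".
openssl_binary_version() {
    "$1" version 2>/dev/null | awk '{print $2}'
}

# Version embedded in a libcrypto/libssl shared object (or in an application that
# links OpenSSL statically): the first "OpenSSL x.y.z" build string found in the file.
# grep -a (treat binary as text) and -o (print only the match) are GNU extensions.
openssl_library_version() {
    grep -a -o 'OpenSSL [0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' "$1" 2>/dev/null | head -n 1 | cut -d' ' -f2
}

# Walk the given directories and print "<status> <version> <path>" for every
# openssl binary and libcrypto/libssl shared object found.
scan_openssl() {
    find "$@" -type f \( -name openssl -o -name 'libcrypto.so*' -o -name 'libssl.so*' \) 2>/dev/null |
    while IFS= read -r f; do
        case "$f" in
            */openssl) v=$(openssl_binary_version "$f") ;;
            *)         v=$(openssl_library_version "$f") ;;
        esac
        if [ -z "$v" ]; then status=unknown
        elif is_affected_openssl "$v"; then status=AFFECTED
        else status=ok; fi
        printf '%-8s %-10s %s\n' "$status" "${v:-?}" "$f"
    done
}

# Typical use: scan_openssl /usr /usr/local /opt
```

Distribution packages may carry the fix backported under an older version number, which is one reason the advisory says to consult the vendor, so a file reported as AFFECTED should be checked against the distributor's own advisory before it is treated as unpatched. An application that links OpenSSL statically can be checked by running openssl_library_version on the application binary itself.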
Remediation
If you are running an OpenSSL version from 3.0.0 through 3.0.6, update to 3.0.7 to remediate these vulnerabilities.