CVE-2022-3996: x509: fix double locking problem · openssl/openssl@7725e7b
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling either the `X509_VERIFY_PARAM_add0_policy()' or `X509_VERIFY_PARAM_set1_policies()' functions.
openssl / openssl Public
x509: fix double locking problem
This reverts commit 9aa4be6 and removed the redundant flag setting.
Fixes #19643
Fixes LOW CVE-2022-3996
Reviewed-by: Dmitry Belyavskiy [email protected]
Reviewed-by: Tomas Mraz [email protected]
(Merged from #19652)
(cherry picked from commit 4d0340a)
paulidale authored and t8m committed
Dec 8, 2022
1 parent 9a5c884 commit 7725e7bfe6f2ce8146b6552b44e0d226be7638e7
Showing 1 changed file with 0 additions and 4 deletions.
4 crypto/x509/pcy_map.c
@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
ret = 1;
bad_mapping:
if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
x->ex_flags |= EXFLAG_INVALID_POLICY;
CRYPTO_THREAD_unlock(x->lock);
}
sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
return ret;
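Review bot: At the bad_mapping label, once the "if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock))" block is gone, nothing in ossl_policy_cache_set_mapping says who sets EXFLAG_INVALID_POLICY on the -1 path or that x->lock must not be taken here. The commit message calls the flag setting redundant, so a one-line comment at the label naming where the flag is set and noting that the lock is already held on entry would keep the re-lock from being reintroduced later. The commit changes only crypto/x509/pcy_map.c; a regression test that verifies a certificate with malformed policy data while policy processing is enabled would catch the hang on platforms where the write lock is not recursive.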
Related news
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
Ubuntu Security Notice 6039-1 - It was discovered that OpenSSL was not properly managing file locks when processing policy constraints. If a user or automated system were tricked into processing a certificate chain with specially crafted policy constraints, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. David Benjamin discovered that OpenSSL was not properly performing the verification of X.509 certificate chains that include policy constraints, which could lead to excessive resource consumption. If a user or automated system were tricked into processing a specially crafted X.509 certificate chain that includes policy constraints, a remote attacker could possibly use this issue to cause a denial of service.
The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to "read memory contents or enact a denial-of-service," the maintainers said in an advisory. The