RHSB-2022-004 X.509 Email Address Buffer Overflow - OpenSSL - (CVE-2022-3602 and CVE-2022-3786)
Insights vulnerability analysis
Red Hat Product Security is aware of two vulnerabilities affecting the OpenSSL versions 3.0.0 through version 3.0.6.
Red Hat Product Security rated CVE-2022-3602 and CVE-2022-3786 with an Important severity impact. While the OpenSSL Project initially indicated that it would be a Critical security issue, it is now downgraded to a “High” impact advisory - and Red Hat ranked this as an Important impact security issue.
These issues only impact Red Hat Enterprise Linux (RHEL) version 9.
Red Hat Enterprise Linux versions 8 and below are based on OpenSSL version 1.x and are not affected by this vulnerability.
Further, any Red Hat product supported on Red Hat Enterprise Linux 8 that pulls the OpenSSL package from the RHEL channel is also not affected. For example, layered products, such as Red Hat OpenShift Container Platform (including RHEL CoreOS), Red Hat OpenStack Platform, and Red Hat Virtualization.
Customers’ custom OpenShift workloads based on the UBI9 container base image must be rebuilt once the patch for the RHEL 9 OpenSSL package is released and a new UBI9 base image version is available.
This issue only affects OpenSSL versions 3.0.0 through 3.0.6. Red Hat Enterprise Linux 9 is based on OpenSSL version 3.0.1 and will provide a patch fixing this vulnerability.
A stack-based buffer overflow was found in the way OpenSSL processes X.509 certificates with a specially crafted email address field. This issue could cause a server or a client application compiled with OpenSSL to crash when trying to process the malicious certificate.
In Red Hat Enterprise Linux 9, OpenSSL is compiled with Stack Smashing Protection. Also during the build process, the compiler rearranges the variables in a way that the buffer overflow is only able to overwrite the stack canaries, limiting the maximum impact of the flaws to a denial of service. Remote code execution is highly unlikely in such cases.
A server-side exploit can be triggered if a server requests a client certificate authentication and a malicious client provides a specially crafted certificate. This issue causes the server to fail when parsing the certificate.
The client-side exploit can be triggered when a client uses an application that uses OpenSSL to process the server certificate by connecting to a rogue server that provides a specially crafted X.509 certificate. This issue causes the client’s OpenSSL to fail.
It is important to note that flawed code is only triggered after the certificate validation against the Certificate Authority (CA) trust chain, meaning that the malicious certificates must be either issued by a valid and accredited CA, or, by deliberately accepting a certificate that is not trusted.
Both CVE-2022-3602 and CVE-2022-3786 can lead to denial of service.
Currently, there is no mitigation available for this flaw. SELinux does not mitigate this flaw. Kpatch is unable to mitigate this flaw. Customers should update to fixed packages once they are available.
The main cause of this security flaw was an off-by-one error (CWE-193) present in the punycode decoder functionality and the ossl_a2ulabel() function of OpenSSL that allows a single unsigned int overwrite of a buffer, which could cause a crash and possible code execution (CWE-94).
Updates for affected products
Red Hat customers running affected versions of these Red Hat products are strongly recommended to update as soon as erratas are available.
Red Hat Enterprise Linux 9
|Red Hat Universal Base Image 9||ubi9||Build 9.0.0-1690|
 Advisory/Update link will be added once updates are live.
A vulnerability detection script has been developed to determine if your system is currently affected by this flaw. To verify the authenticity of the script, you can download the detached OpenPGP signature as well. Instructions on how to use GPG signatures for verification are available on the Customer Portal.
Q: Why isn’t RHEL 8 affected by these issues?
A: RHEL 8 and below versions are based on OpenSSL version 1.x, which is not affected by these security issues.
Q: This vulnerability was originally rated as having a Critical impact, now it shows Important impact. What has changed?
A: After further assessment, the OpenSSL project found that the flawed code is only triggered after the certificate validation against the Certificate Authority (CA) trust chain, meaning that the malicious certificates must be either issued by a valid and accredited CA, or, by deliberately accepting a certificate that is not trusted.
Red Hat blog: OpenSSL: Email address buffer overflow security flaws
How to use GPG to verify signed content from Product Security