CVE-2022-0778 - Loop with Unreachable Exit Condition ('Infinite Loop')

Severity

75%

Complexity

39%

Confidentiality

60%

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

CVSS 3.1 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Demo Examples

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

In the following code the method processMessagesFromServer attempts to establish a connection to a server and read and process messages from the server. The method uses a do/while loop to continue trying to establish the connection to the server when an attempt fails.


               
}
...// create socket to connect to server
}// establish connection to server// if connected then read and process messages from server
...// read and process messages
// keep trying to establish connection to the server// close socket and return success or failure

However, this will create an infinite loop if the server does not respond. This infinite loop will consume system resources and can be used to create a denial of service attack. To resolve this a counter should be used to limit the number of attempts to establish a connection to the server, as in the following code.


               
}
...// initialize number of attempts counter
}// establish connection to server// increment counter// if connected then read and process messages from server
...// read and process messages
// keep trying to establish connection to the server// up to a maximum number of attempts// close socket and return success or failure

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

For this example the method isReorderNeeded as part of a bookstore application that determines if a particular book needs to be reordered based on the current inventory count and the rate at which the book is being sold.


               
}
return isReorder;// get inventory count for book// find number of days until inventory count reaches minimum
days++;
// if number of days within reorder timeframe// set reorder return boolean to true
isReorder = true;

However, the while loop will become an infinite loop if the rateSold input parameter has a value of zero since the inventoryCount will never fall below the minimumCount. In this case the input parameter should be validated to ensure that a value of zero does not cause an infinite loop,as in the following code.


               
}
...// validate rateSold variable
return isReorder;

Overview

First reported 3 years ago

2022-03-15 17:15:00

Last updated 2 years ago

2022-11-09 20:43:00

Affected Software

OpenSSL Project OpenSSL

Debian Linux 9.0

9.0

References

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83

https://www.openssl.org/news/secadv/20220315.txt

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65

DSA-5103

[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update

[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83

Broken Link

https://www.openssl.org/news/secadv/20220315.txt

Vendor Advisory

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246

Mailing List, Patch, Vendor Advisory

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65

Mailing List, Patch, Vendor Advisory

DSA-5103

Third Party Advisory

[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update

Mailing List, Third Party Advisory

[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update

Mailing List, Third Party Advisory

https://security.netapp.com/advisory/ntap-20220321-0002/

Third Party Advisory

FEDORA-2022-a5f51502f0

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002

FEDORA-2022-a5f51502f0

Mailing List

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002

Third Party Advisory

https://www.tenable.com/security/tns-2022-06

https://www.tenable.com/security/tns-2022-07

FEDORA-2022-9e88b5d8d7

FEDORA-2022-8bb51f6901

https://www.tenable.com/security/tns-2022-08

https://www.oracle.com/security-alerts/cpuapr2022.html

https://www.tenable.com/security/tns-2022-09

https://security.netapp.com/advisory/ntap-20220429-0005/

https://support.apple.com/kb/HT213256

https://support.apple.com/kb/HT213255

https://support.apple.com/kb/HT213257

20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4

20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6

20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina

http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html

https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf

FEDORA-2022-a5f51502f0

Mailing List, Third Party Advisory

https://www.tenable.com/security/tns-2022-06

Third Party Advisory

https://www.tenable.com/security/tns-2022-07

Third Party Advisory

FEDORA-2022-9e88b5d8d7

Mailing List, Third Party Advisory

FEDORA-2022-8bb51f6901

Mailing List, Third Party Advisory

https://www.tenable.com/security/tns-2022-08

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Third Party Advisory

https://www.tenable.com/security/tns-2022-09

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220429-0005/

Third Party Advisory

https://support.apple.com/kb/HT213256

Third Party Advisory

https://support.apple.com/kb/HT213255

Third Party Advisory

https://support.apple.com/kb/HT213257

Third Party Advisory

20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4

Third Party Advisory

20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6

Third Party Advisory

20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina

Third Party Advisory

http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf

Third Party Advisory

N/A

20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4

Mailing List, Third Party Advisory

20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6

Mailing List, Third Party Advisory

20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina

Mailing List, Third Party Advisory

http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html

Third Party Advisory, VDB Entry

N/A

Third Party Advisory

GLSA-202210-02

GLSA-202210-02

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.