Two vulnerabilities were discovered in OpenSSL version 3.0.4 that impacts RSA Private Keys and AES OCB Encryption operations. These vulnerabilities cause an incorrect RSA implementation for 2048-bit private keys that can lead to memory corruption while the device is in use. It also affects AES OCB causing it to fail encrypting some bytes of data.
What is the threat?
OpenSSL version 3.0.4 contains 2 vulnerabilities:
- Within the RSA implementation for X86_64 CPUs that supports instructions from AVX512IFMA. The vulnerability can cause the incorrect RSA implementation for 2048-bit private keys. Due to the incorrect operation, a memory corruption occurs during computation which can enable attackers to perform remote code executions on affected endpoints.
- Another vulnerability affects the AES OCB encryption method. The AES OCB mode for 32-bit x86 platforms using the AES NI assembly-optimized implementation fails to encrypt all data. This allows for 16-bytes of data that already exist in memory and not written to be exposed.
Why is it noteworthy?
Many SSL/TLS servers or other servers that utilizes 2048-bit private RSA keys and operate on devices supporting AVX512IFMA instructions on the X86_64 CPU architecture are affected by this vulnerability. This CPU architecture can be found in most of Intel Processors which are incorporated in many servers. Since the 2048-bit RSA implementation fails, it can cause memory corruption during these mathematical calculations. Also, attackers can exploit this vulnerability to trigger a remote code execution on these devices.
The AES OCB mode for 32-bit x86 platforms using the AES NI assembly-optimized fails to encrypt all data. There would be 16-bytes of data in plaintext that is exposed. OpenSSL does not support OCB-based cipher suites for TLS and DTLS, so this vulnerability does not affect it. However, it does affect versions 1.1.1 and 3.0.
What is the exposure or risk?
These two OpenSSL vulnerabilities can enable threat actors to compromise a company’s data. Once exploited, under the first vulnerability, threat actors can cause heap memory corruption with RSA private key operations. This can also lead attackers to trigger remote code operation on company devices. With the second vulnerability, threat actors can cause AES OCB encryption method to not encrypt all data. Sixteen bytes of data is left exposed in plaintext.
What are the recommendations?
Barracuda MSP recommends the following actions to prevent this vulnerability from impacting your company:
- If you’re running OpenSSL version 3.0.4, upgrade to OpenSSL 3.0.5 for the fix to be applied
- If you’re running OpenSSL version 1.1.1, upgrade to OpenSSL 1.1.1q for the fix to be applied
For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our Security Operations Center.