CVE-2022-0778: OpenSSL Denial of Service Vulnerability Alert
The function BN_mod_sqrt() for computing square roots contains a bug that could cause it to loop indefinitely for non-prime moduli. This function is used internally when parsing a certificate that contains an elliptic curve public key in compressed form or an explicit elliptic curve parameter with a base point encoded in compressed form.
“Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial-of-service attack,” OpenSSL said in an advisory published on March 15, 2022.
A specific certificate can be crafted to trigger an infinite loop, vulnerable situations include:
- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from subscribers
- Anything else which parses ASN.1 elliptic curve parameters
At present, the OpenSSL project team has released a new version to fix the CVE-2022-0778 vulnerability, and users who use OpenSSL are advised to upgrade to the latest version as soon as possible.