A vulnerability was found in OpenSSL up to 3.3.2 (Network Encryption Software) and classified as critical. It is categorized as CWE-787: the product writes data past the end, or before the beginning, of the intended buffer. Confidentiality, integrity, and availability are impacted. Upgrading to version 1.0.2zl, 1.1.1zb, 3.0.16, 3.1.8, 3.2.4 or 3.3.3 eliminates this vulnerability. The upgrade is hosted for download at github.openssl.org. Applying the patch 9d576994cec2b7aa37a91740ea7e680810957e41 also eliminates the problem. The bugfix is ready for download at github.openssl.org. The best possible mitigation is upgrading to the latest version.
Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes.

Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only named curves are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low.

In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an exotic curve encoding.

The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions.

Applications working with exotic explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out.

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
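
For applications that cannot upgrade immediately and do accept explicit binary-curve parameters, the following added example (not OpenSSL code and not the upstream patch) shows a pre-check that rejects a field polynomial with a zero constant term before it is handed to any of the APIs listed above. The function name, result codes, the 571-bit degree cap and the trinomial/pentanomial restriction are assumptions chosen for this sketch; the input is the polynomial as big-endian bytes, where bit i is the coefficient of x^i.

```c
#include <stddef.h>
#include <stdio.h>

/* Result codes for the pre-check (hypothetical names, not OpenSSL's). */
enum poly_check { POLY_OK, POLY_EMPTY, POLY_ZERO_CONSTANT_TERM,
                  POLY_DEGREE_TOO_SMALL, POLY_DEGREE_TOO_LARGE, POLY_BAD_WEIGHT };

/* Assumed policy cap on the field degree m; adjust to the curves you accept. */
#define MAX_FIELD_DEGREE 571

/* Constructed samples: x^163+x^7+x^6+x^3+1, and the same without the "+1". */
const unsigned char sample_ok[21]  = { 0x08, [20] = 0xC9 };
const unsigned char sample_bad[21] = { 0x08, [20] = 0xC8 };

/* Validate a GF(2^m) field polynomial before passing it to the EC/BN APIs. */
enum poly_check gf2m_poly_precheck(const unsigned char *be, size_t len)
{
    size_t i = 0, j;
    long degree;
    unsigned weight = 0;

    if (be == NULL || len == 0) return POLY_EMPTY;
    while (i < len && be[i] == 0) i++;          /* skip leading zero bytes */
    if (i == len) return POLY_EMPTY;            /* polynomial is zero */
    /* The condition named in the advisory: the constant term must be 1. */
    if ((be[len - 1] & 1) == 0) return POLY_ZERO_CONSTANT_TERM;
    /* Bound the byte length first so the degree arithmetic cannot overflow. */
    if (len - i > MAX_FIELD_DEGREE / 8 + 1) return POLY_DEGREE_TOO_LARGE;
    degree = (long)(len - i - 1) * 8;
    for (unsigned char top = be[i]; top > 1; top >>= 1) degree++;
    if (degree < 1) return POLY_DEGREE_TOO_SMALL;
    if (degree > MAX_FIELD_DEGREE) return POLY_DEGREE_TOO_LARGE;
    /* Assumed stricter policy: accept only trinomials and pentanomials. */
    for (j = i; j < len; j++)
        for (unsigned char b = be[j]; b; b &= (unsigned char)(b - 1)) weight++;
    if (weight != 3 && weight != 5) return POLY_BAD_WEIGHT;
    return POLY_OK;
}

int main(void)
{
    printf("sample_ok:  %d\n", gf2m_poly_precheck(sample_ok, sizeof sample_ok));
    printf("sample_bad: %d\n", gf2m_poly_precheck(sample_bad, sizeof sample_bad));
    return 0;
}
```

A check like this reduces exposure at the input boundary only; the fixed versions listed above remain the actual remedy.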