Source: openssl
X-Debbugs-CC: [email protected]
Severity: normal
Tags: security

Hi,

The following vulnerability was published for openssl.

CVE-2024-9143[0]:
| Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with
| untrusted explicit values for the field polynomial can lead to out-
| of-bounds memory reads or writes. Impact summary: Out of bound
| memory writes can lead to an application crash or even a possibility
| of a remote code execution, however, in all the protocols involving
| Elliptic Curve Cryptography that we're aware of, either only "named
| curves" are supported, or, if explicit curve parameters are
| supported, they specify an X9.62 encoding of binary (GF(2^m)) curves
| that can't represent problematic input values. Thus the likelihood
| of existence of a vulnerable application is low. In particular, the
| X9.62 encoding is used for ECC keys in X.509 certificates, so
| problematic inputs cannot occur in the context of processing X.509
| certificates. Any problematic use-cases would have to be using an
| "exotic" curve encoding. The affected APIs include:
| EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various
| supporting BN_GF2m_*() functions. Applications working with
| "exotic" explicit binary (GF(2^m)) curve parameters, that make it
| possible to represent invalid field polynomials with a zero constant
| term, via the above or similar APIs, may terminate abruptly as a
| result of reading or writing outside of array bounds. Remote code
| execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2,
| 3.1 and 3.0 are not affected by this issue.

https://openssl-library.org/news/secadv/20241016.txt

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-9143
    https://www.cve.org/CVERecord?id=CVE-2024-9143

Please adjust the affected versions in the BTS as needed.
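
Added example, not part of the report above and not OpenSSL code: an application-side check that could run on an untrusted explicit GF(2^m) field polynomial before it reaches the affected APIs. It accepts only trinomials and pentanomials with constant term 1, the forms an X9.62 polynomial-basis encoding describes; the function name, the result codes and the 571-bit limit are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; none of this is OpenSSL API. */
enum poly_check { POLY_OK, POLY_EMPTY, POLY_ZERO_CONSTANT_TERM,
                  POLY_TOO_LARGE, POLY_NOT_TRI_OR_PENTANOMIAL };

#define MAX_FIELD_BITS 571 /* assumed application policy, not from the advisory */

/* poly is big-endian: bit i of the integer is the coefficient of x^i. */
enum poly_check check_gf2m_field_poly(const uint8_t *poly, size_t len)
{
    size_t i, degree;
    unsigned terms = 0;
    uint8_t b;

    while (len > 0 && poly[0] == 0) { poly++; len--; } /* strip leading zero bytes */
    if (len == 0)
        return POLY_EMPTY;                  /* the zero polynomial */
    if ((poly[len - 1] & 1) == 0)
        return POLY_ZERO_CONSTANT_TERM;     /* the invalid input the advisory names */
    if (len > MAX_FIELD_BITS / 8 + 1)
        return POLY_TOO_LARGE;              /* reject before any size arithmetic */
    degree = (len - 1) * 8;
    for (b = poly[0]; b > 1; b >>= 1)
        degree++;                           /* position of the highest set bit */
    if (degree > MAX_FIELD_BITS)
        return POLY_TOO_LARGE;
    for (i = 0; i < len; i++)
        for (b = poly[i]; b != 0; b &= (uint8_t)(b - 1))
            terms++;                        /* count nonzero coefficients */
    if (terms != 3 && terms != 5)
        return POLY_NOT_TRI_OR_PENTANOMIAL;
    return POLY_OK;
}

/* x^163 + x^7 + x^6 + x^3 + 1, the reduction polynomial of NIST K-163/B-163. */
static const uint8_t good_poly[21] = { [0] = 0x08, [20] = 0xC9 };
/* Constructed bad input: the same polynomial with the constant term cleared. */
static const uint8_t bad_poly[21] = { [0] = 0x08, [20] = 0xC8 };

int main(void)
{
    printf("good: %d\n", check_gf2m_field_poly(good_poly, sizeof good_poly));
    printf("bad:  %d\n", check_gf2m_field_poly(bad_poly, sizeof bad_poly));
    return 0;
}
```

A check like this is defence in depth for code that parses its own curve encoding; it does not replace updating to a fixed openssl package.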

