From: Ankur Tyagi <[email protected]>
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-34703
Signed-off-by: Ankur Tyagi <[email protected]>
---
 .../botan/botan/CVE-2024-34703.patch | 38 +++++++++++++++++++
 meta-oe/recipes-crypto/botan/botan_3.2.0.bb | 4 +-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-crypto/botan/botan/CVE-2024-34703.patch
diff --git a/meta-oe/recipes-crypto/botan/botan/CVE-2024-34703.patch b/meta-oe/recipes-crypto/botan/botan/CVE-2024-34703.patch
new file mode 100644
index 0000000000..c3eb6e0936
--- /dev/null
+++ b/meta-oe/recipes-crypto/botan/botan/CVE-2024-34703.patch
@@ -0,0 +1,38 @@
+From 0d7909e8d88782fd827ed6869563c435f418c5ff Mon Sep 17 00:00:00 2001
+From: Jack Lloyd <[email protected]>
+Date: Tue, 20 Feb 2024 06:30:10 -0500
+Subject: [PATCH] When decoding an arbitrary elliptic curve, set an upper bound
+ on length
+
+Otherwise it's trivial to send a very large prime, which can take a
+significant amount of computation to check.
+
+Reported by Bing Shi
+
+CVE: CVE-2024-34703
+Upstream-Status: Backport [https://github.com/randombit/botan/commit/fbe9ec578a8548958677224d2e60d2c2c838bc9a]
+(cherry picked from commit fbe9ec578a8548958677224d2e60d2c2c838bc9a)
+Signed-off-by: Ankur Tyagi <[email protected]>
+---
+ src/lib/pubkey/ec_group/ec_group.cpp | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
+index eb4ed90e2..beaeedd51 100644
+--- a/src/lib/pubkey/ec_group/ec_group.cpp
++++ b/src/lib/pubkey/ec_group/ec_group.cpp
+@@ -357,8 +357,12 @@ std::pair<std::shared_ptr<EC_Group_Data>, bool> EC_Group::BER_decode_EC_group(co
+ .end_cons()
+ .verify_end();
+
+- if(p.bits() < 64 || p.is_negative() || !is_bailie_psw_probable_prime(p)) {
+- throw Decoding_Error("Invalid ECC p parameter");
++ if(p.bits() < 112 || p.bits() > 1024) {
++ throw Decoding_Error("ECC p parameter is invalid size");
++ }
++
++ if(p.is_negative() || !is_bailie_psw_probable_prime(p)) {
++ throw Decoding_Error("ECC p parameter is not a prime");
+ }
+
+ if(a.is_negative() || a >= p) {
diff --git a/meta-oe/recipes-crypto/botan/botan_3.2.0.bb b/meta-oe/recipes-crypto/botan/botan_3.2.0.bb
index 1fdda65a05..3c603a9b26 100644
--- a/meta-oe/recipes-crypto/botan/botan_3.2.0.bb
+++ b/meta-oe/recipes-crypto/botan/botan_3.2.0.bb
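Review bot: The backported check also raises the minimum size of p from 64 to 112 bits (removed `if(p.bits() < 64 || ...` versus added `if(p.bits() < 112 || p.bits() > 1024)`), which rejects explicit-parameter curves that 3.2.0 previously accepted, while the patch subject and the recipe's commit message only talk about adding an upper bound. A sentence in the recipe commit message such as "Also raises the minimum accepted field size for explicitly encoded curves from 64 to 112 bits" would spare integrators a surprise when a previously loadable key or certificate starts failing with "ECC p parameter is invalid size". The 1024-bit cap bounds the cost of `is_bailie_psw_probable_prime(p)` on attacker-chosen input, but a probable-prime test on a 1024-bit value per decode is still non-trivial, so services that parse explicit curve parameters from untrusted certificates or keys may still want application-level rate limiting. BER_decode_EC_group continues past the end of this hunk; if later parameters (for example the curve order) are validated with a similar primality test and no size bound, it is worth checking upstream for a companion fix, since this backport touches only the p check.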
@@ -4,7 +4,9 @@ LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://license.txt;md5=f5254d3abe90ec5bb82c5694ff751546"
 SECTION = "libs"
-SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz"
+SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz \
+ file://CVE-2024-34703.patch \
+"
 SRC_URI[sha256sum] = "049c847835fcf6ef3a9e206b33de05dd38999c325e247482772a5598d9e5ece3"
 S = "${WORKDIR}/Botan-${PV}"
