David Benjamin

**Nome do software vulnerável e versões afetadas** Versões do OpenSSL anteriores à 3.0.15 IBM AIX (versões afetadas não especificadas) **Descrição** O problema está relacionado a uma negação de serviço nas verificações de nomes X.509. Aplicativos que realizam verificações de nomes de certificados, como clientes TLS que verificam certificados de servidor, podem tentar ler um endereço de memória inválido ao comparar o nome esperado com um nome alternativo do sujeito `otherName` de um certificado X.509. Isso pode resultar em uma exceção que encerra o programa aplicativo. A validação básica da cadeia de certificados não é afetada, e a negação de serviço só pode ocorrer quando o aplicativo também especifica um nome DNS, endereço de e-mail ou endereço IP esperado. Os servidores TLS geralmente não são afetados, e a gravidade do problema é Moderada. **Recomendações** Para versões do OpenSSL anteriores à 3.0.15, atualize para a versão 3.0.15 ou posterior para resolver o problema. Para o IBM AIX, no momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Versões do OpenSSL anteriores à próxima versão (versão exata não especificada) CPython versão 3.9 e anteriores **Descrição** O problema está relacionado à função da API do OpenSSL `SSL select next proto`, que pode causar uma falha ou o envio do conteúdo da memória para o par quando chamada com um buffer vazio de protocolos de cliente suportados. Isso pode resultar em perda de confidencialidade, com até 255 bytes de dados privados arbitrários da memória sendo enviados para o par. O problema normalmente não está sob o controle do invasor e pode ocorrer acidentalmente devido a um erro de configuração ou programação no aplicativo que faz a chamada. A função `SSL select next proto` é usada por aplicativos TLS que suportam ALPN (Application Layer Protocol Negotiation) ou NPN (Next Protocol Negotiation), sendo que o NPN é mais antigo e está obsoleto em favor do ALPN. **Recomendações** Para versões do OpenSSL anteriores à próxima versão, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade. Para o CPython versão 3.9 e anteriores, certifique-se de que `SSLContext.set npn protocols()` não esteja configurado com uma lista vazia para evitar o problema de leitura excessiva do buffer. Como solução temporária, considere desativar o uso do NPN em favor do ALPN para minimizar o risco de exploração. Restrinja o acesso à função `SSL select next proto` para evitar chamadas acidentais com buffers de protocolo de cliente vazios. Evite usar o parâmetro `client len` com valor 0 ao chamar t

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions prior to 1.1.1w **Description** The issue is related to the generation and checking of excessively long X9.42 DH keys or parameters, which may cause long delays in applications using the affected functions. This can lead to a Denial of Service attack if the key or parameters are obtained from an untrusted source. The `DH generate key()` and `DH check pub key()` functions are vulnerable to excessively large P and Q parameters. Other affected functions include `DH check pub key ex()`, `EVP PKEY public check()`, and `EVP PKEY generate()`. The OpenSSL pkey command line application and the OpenSSL genpkey command line application are also vulnerable when using the "-pubcheck" option. **Recommendations** To resolve the issue, update OpenSSL to version 1.1.1w or later. As a temporary workaround, consider disabling the `DH generate key()` and `DH check pub key()` functions until a patch is available. Restrict access to the vulnerable `DH check pub key ex()`, `EVP PKEY public check()`, and `EVP PKEY generate()` functions to minimize the risk of exploitation. Avoid using the `pkey` command line application with the "-pubcheck" option and the `genpkey` command line application until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenSSL (affected versions not specified) **Description** The function `X509 VERIFY PARAM add0 policy()` is documented to implicitly enable the certificate policy check when doing certificate verification. However, the implementation of the function does not enable the check, which allows certificates with invalid or incorrect policies to pass the certificate verification. This could potentially allow a remote attacker to execute a "man-in-the-middle" attack. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. **Recommendations** To resolve the issue, applications that require OpenSSL to perform certificate policy checks need to use `X509 VERIFY PARAM set1 policies()` or explicitly enable the policy check by calling `X509 VERIFY PARAM set flags()` with the `X509 V FLAG POLICY CHECK` flag argument. As a temporary workaround, consider disabling the use of the `X509 VERIFY PARAM add0 policy()` function until a patch is available. Restrict access to the vulnerable `X509 VERIFY PARAM add0 policy()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenSSL (affected versions not specified) **Description** The issue is related to the handling of invalid certificate policies in leaf certificates by OpenSSL. When a non-default option is used for verifying certificates, applications may be vulnerable to an attack from a malicious Certificate Authority (CA) that could circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored, and other certificate policy checks are skipped for that certificate. A malicious CA could deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy` argument to the command line utilities or by calling the `X509 VERIFY PARAM set1 policies()` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenSSL (affected versions not specified) **Description** A security issue has been identified in OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this issue by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy` argument to the command line utilities or by calling the `X509 VERIFY PARAM set1 policies()` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS Ventura versions prior to 13.2.1 iOS versions prior to 16.3.1 iPadOS versions prior to 16.3.1 tvOS versions prior to 16.3.2 watchOS versions prior to 9.3.1 **Description** A denial-of-service issue was addressed with improved input validation. Processing a maliciously crafted certificate may lead to a denial-of-service. The issue is related to uncontrolled resource consumption when processing certificates, which can be exploited by a remote attacker to cause a denial-of-service. **Recommendations** For macOS Ventura versions prior to 13.2.1, update to macOS Ventura 13.2.1. For iOS versions prior to 16.3.1, update to iOS 16.3.1. For iPadOS versions prior to 16.3.1, update to iPadOS 16.3.1. For tvOS versions prior to 16.3.2, update to tvOS 16.3.2. For watchOS versions prior to 9.3.1, update to watchOS 9.3.1. As a temporary workaround, consider restricting the processing of certificates to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenSSL (affected versions not specified) **Description** There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1 STRING but the public structure definition for GENERAL NAME incorrectly specified the type of the x400Address field as ASN1 TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL NAME cmp as an ASN1 TYPE rather than an ASN1 STRING. When CRL checking is enabled (i.e. the application sets the X509 V FLAG CRL CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** Versões do OpenSSL 1.1.1 a 1.1.1h Versões do OpenSSL 1.0.2 a 1.0.2w **Descrição** O problema está relacionado à função GENERAL NAME cmp no OpenSSL, que compara diferentes instâncias de um GENERAL NAME para verificar se são iguais ou não. Essa função se comporta incorretamente quando ambos os GENERAL NAMEs contêm um EDIPARTYNAME, levando a uma desreferência de ponteiro NULL e a uma falha, o que pode resultar em um ataque de negação de serviço. A função GENERAL NAME cmp é usada para comparar nomes de pontos de distribuição de CRL e verificar signatários de tokens de resposta de carimbo de data/hora. Um invasor poderia provocar uma falha controlando ambos os itens que estão sendo comparados, por exemplo, induzindo um cliente ou servidor a verificar um certificado malicioso contra uma CRL maliciosa. Alguns aplicativos baixam automaticamente CRLs com base em uma URL incorporada em um certificado, o que também pode levar a esse problema. **Recomendações** Para as versões 1.1.1 a 1.1.1h do OpenSSL, atualize para a versão 1.1.1i. Para as versões 1.0.2 a 1.0.2w do OpenSSL, atualize para a versão 1.0.2x. Como solução temporária, considere desativar a função GENERAL NAME cmp ou restringir o uso de EDIPARTYNAME até que um patch esteja disponível. Evite usar a opção “-crl download” nas ferramentas s server, s client e verify do OpenSSL até que o problema seja resolvido.

**Name of the Vulnerable Software and Affected Versions** Java SE versions 6u181, 7u161, and 8u152 Java SE Embedded version 8u152 JRockit version R28.3.17 **Description** The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, and JRockit. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all accessible data, as well as unauthorized access to critical data or complete access to all accessible data. This issue can be exploited through sandboxed Java Web Start applications, sandboxed Java applets, or by supplying data to APIs in the specified component. **Recommendations** For Java SE versions 6u181, 7u161, and 8u152, update to a version that contains a fix for this issue. For Java SE Embedded version 8u152, update to a version that contains a fix for this issue. For JRockit version R28.3.17, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `Security` component until a patch is available. Avoid using sandboxed Java Web Start applications and sandboxed Java applets until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Node.js (affected versions not specified) **Description** The issue concerns a TLS handshake failure due to the use of SSL read(), allowing an active network attacker to send application data to Node.js using the TLS or HTTP2 modules, bypassing TLS authentication and encryption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.2b through 1.0.2m MySQL Server versions 5.6.38 and earlier MySQL Server versions 5.7.20 and earlier Description: The issue is related to the incorrect handling of the "error state" mechanism in OpenSSL when `SSL read()` or `SSL write()` functions are called directly. This can lead to the transmission of unencrypted confidential data over the network at the SSL/TLS level. The vulnerability can be exploited if an application bug results in a call to `SSL read()` or `SSL write()` after a fatal error has been received. Recommendations: For OpenSSL versions 1.0.2b through 1.0.2m, update to OpenSSL 1.0.2n to resolve the issue. For MySQL Server versions 5.6.38 and earlier, and 5.7.20 and earlier, consider restricting access to the affected MySQL Server component until a patch is available. As a temporary workaround, consider disabling the use of `SSL read()` and `SSL write()` functions directly in applications until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Conscrypt in Android versions 4.x through 4.4.3 Conscrypt in Android versions 5.0.x through 5.0.1 Conscrypt in Android versions 5.1.x through 5.1.0 Conscrypt in Android versions 6.x before 2016-08-05 **Description** The issue is related to the Conscrypt component in the Android operating system and involves improper identification of session reuse. This can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-08-05, update to a version released after 2016-08-05.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions prior to 1.0.1o OpenSSL versions prior to 1.0.2c **Description** The issue is caused by a buffer overflow in the ASN.1 implementation, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted ANY field in serialized data. This can lead to memory corruption. The vulnerability is related to the misinterpretation of large universal tags as negative zero values in ANY structures. **Recommendations** For versions prior to 1.0.1o, update to version 1.0.1o or later. For versions prior to 1.0.2c, update to version 1.0.2c or later. As a temporary workaround, consider restricting the use of the `d2i ASN1 TYPE` function until a patch is available. Avoid deserializing untrusted ASN.1 structures containing an ANY field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 47.0.2526.73 Opera versions prior to 47.0.2526.73 **Description** The issue is related to multiple unspecified vulnerabilities in the code of Google Chrome, which can be exploited by remote attackers to cause a denial of service or possibly have other impact via unknown vectors. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Google Chrome versions prior to 47.0.2526.73, update to version 47.0.2526.73 or later. For Opera versions prior to 47.0.2526.73, update to version 47.0.2526.73 or later. As a temporary workaround, consider restricting access to sensitive features in Google Chrome and Opera until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.1 Apple OS X versions prior to 10.11.1 **Description** A double free issue allows attackers to write to arbitrary files by using a crafted app that accesses `AtomicBufferedFile` descriptors. **Recommendations** For Apple iOS versions prior to 9.1, update to version 9.1 or later. For Apple OS X versions prior to 10.11.1, update to version 10.11.1 or later.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 1.0.1n through 1.0.1o OpenSSL versions 1.0.2b through 1.0.2c MySQL Server version 5.6.25 and earlier **Description** The issue is related to the processing of X.509 Basic Constraints cA values during the identification of alternative certificate chains, which can allow remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. This can enable an attacker to forge "trusted" certificates that could be used to conduct man-in-the-middle attacks. The vulnerability affects applications that verify certificates, including SSL/Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) clients and SSL/TLS/DTLS servers using client authentication. **Recommendations** For OpenSSL versions 1.0.1n through 1.0.1o, update to a version that addresses this vulnerability. For OpenSSL versions 1.0.2b through 1.0.2c, update to a version that addresses this vulnerability. For MySQL Server version 5.6.25 and earlier, update to a version that addresses this vulnerability. As a temporary workaround, consider restricting access to untrusted certificates to minimize the risk of exploitation. Avoid using the vulnerable `X509 verify cert` function until a patch is available.