CVE-2023-0215

Name of the Vulnerable Software and Affected Versions OpenSSL (affected versions not specified) MySQL Server versions 5.7.41 and earlier, 8.0.32 and earlier

Description The public API function BIO new NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO f asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64 write ASN1() which may cause BIO new NDEF() to be called and will subsequently call BIO pop() on the BIO. Other public API functions that may be impacted by this include i2d ASN1 bio stream, BIO new CMS, BIO new PKCS7, i2d CMS bio stream and i2d PKCS7 bio stream.

Recommendations For OpenSSL, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For MySQL Server versions 5.7.41 and earlier, 8.0.32 and earlier, update to a version that is not affected by this vulnerability. As a temporary workaround, consider disabling the BIO new NDEF() function until a patch is available. Restrict access to the vulnerable module BIO f asn1 to minimize the risk of exploitation. Avoid using the BIO pop() function on the BIO until the issue is resolved.