From f4a7cc4137ca29461eaca16bdd06f4c02fe15f84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 08:29:12 +0000 Subject: [PATCH 01/24] add CVE-2023-0215 to openkylin_list.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- openkylin_list.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/openkylin_list.yaml b/openkylin_list.yaml index f822acc2..be376cef 100644 --- a/openkylin_list.yaml +++ b/openkylin_list.yaml @@ -56,6 +56,7 @@ cve: - CVE-2022-2274 - CVE-2022-3602 - CVE-2023-25136 + - CVE-2023-0215 libxml2: - CVE-2020-24977 - CVE-2021-3517 -- Gitee From 9e59295c4478e9f6edf304fb9c08132c2500040c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 08:51:38 +0000 Subject: [PATCH 02/24] add cve/openssl/2023/yaml/CVE-2023-0215.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- cve/openssl/2023/yaml/CVE-2023-0215.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 cve/openssl/2023/yaml/CVE-2023-0215.yaml diff --git a/cve/openssl/2023/yaml/CVE-2023-0215.yaml b/cve/openssl/2023/yaml/CVE-2023-0215.yaml new file mode 100644 index 00000000..43d939c3 --- /dev/null +++ b/cve/openssl/2023/yaml/CVE-2023-0215.yaml @@ -0,0 +1,20 @@ +id: CVE-2023-0215 +source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215 +info: + name: OpenSSL是Openssl团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 + severity: Moderate + description: | + The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected. + scope-of-influence: + The OpenSSL cms and smime command line applications are similarly affected. + reference: + - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb + - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344 + classification: + cvss-metrics: CVSS:3.1 + cvss-score: 漏洞评分 + cve-id: CVE-2023-0215 + cwe-id: None + cnvd-id: None + kve-id: None + tags: 漏洞标签 \ No newline at end of file -- Gitee From 955a686b283b94d90a4691416b8fa82c3f2b817e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 08:52:16 +0000 Subject: [PATCH 03/24] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20=20CVE-2023-0215?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/openssl/2023/ CVE-2023-0215/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/openssl/2023/ CVE-2023-0215/.keep diff --git a/cve/openssl/2023/ CVE-2023-0215/.keep b/cve/openssl/2023/ CVE-2023-0215/.keep new file mode 100644 index 00000000..e69de29b -- Gitee From 92e9bd4e656e5ba14369aa0a336e787e498ac7bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 08:54:57 +0000 Subject: [PATCH 04/24] add cve/openssl/2023/ CVE-2023-0215. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- cve/openssl/2023/ CVE-2023-0215/README.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 cve/openssl/2023/ CVE-2023-0215/README.md diff --git a/cve/openssl/2023/ CVE-2023-0215/README.md b/cve/openssl/2023/ CVE-2023-0215/README.md new file mode 100644 index 00000000..ac044e5e --- /dev/null +++ b/cve/openssl/2023/ CVE-2023-0215/README.md @@ -0,0 +1 @@ +R \ No newline at end of file -- Gitee From 0a2deb4f34ba53ce157e39e8dbe935a70b37ae09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 09:03:06 +0000 Subject: [PATCH 05/24] update cve/openssl/2023/yaml/CVE-2023-0215.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- cve/openssl/2023/yaml/CVE-2023-0215.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cve/openssl/2023/yaml/CVE-2023-0215.yaml b/cve/openssl/2023/yaml/CVE-2023-0215.yaml index 43d939c3..c7ec25d1 100644 --- a/cve/openssl/2023/yaml/CVE-2023-0215.yaml +++ b/cve/openssl/2023/yaml/CVE-2023-0215.yaml @@ -11,10 +11,10 @@ info: - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344 classification: - cvss-metrics: CVSS:3.1 - cvss-score: 漏洞评分 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + cvss-score: 7.5 cve-id: CVE-2023-0215 - cwe-id: None + cwe-id: CWE-416 cnvd-id: None kve-id: None tags: 漏洞标签 \ No newline at end of file -- Gitee From 55efb638fcef4c5c78e46b227626b4a22df3bd85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 09:04:48 +0000 Subject: [PATCH 06/24] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/openssl/2023/=20CVE-2023-0215/.keep?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/openssl/2023/ CVE-2023-0215/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 cve/openssl/2023/ CVE-2023-0215/.keep diff --git a/cve/openssl/2023/ CVE-2023-0215/.keep b/cve/openssl/2023/ CVE-2023-0215/.keep deleted file mode 100644 index e69de29b..00000000 -- Gitee From 242d9b694f712f4bfb728621b83272cd83646252 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 09:41:39 +0000 Subject: [PATCH 07/24] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20CVE-2022-0778?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/openssl/2022/CVE-2022-0778/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/openssl/2022/CVE-2022-0778/.keep diff --git a/cve/openssl/2022/CVE-2022-0778/.keep b/cve/openssl/2022/CVE-2022-0778/.keep new file mode 100644 index 00000000..e69de29b -- Gitee From 3c1b35fc95af8ee8a307a9ca9f0833f84558266f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 09:42:04 +0000 Subject: [PATCH 08/24] add cve/openssl/2022/CVE-2022-0778/README.md. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- cve/openssl/2022/CVE-2022-0778/README.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/openssl/2022/CVE-2022-0778/README.md diff --git a/cve/openssl/2022/CVE-2022-0778/README.md b/cve/openssl/2022/CVE-2022-0778/README.md new file mode 100644 index 00000000..e69de29b -- Gitee From ab61678342b707fbefe5810e85d5455d3b93b856 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 09:42:11 +0000 Subject: [PATCH 09/24] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/openssl/2022/CVE-2022-0778/.keep?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/openssl/2022/CVE-2022-0778/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 cve/openssl/2022/CVE-2022-0778/.keep diff --git a/cve/openssl/2022/CVE-2022-0778/.keep b/cve/openssl/2022/CVE-2022-0778/.keep deleted file mode 100644 index e69de29b..00000000 -- Gitee From 500859751f4f61e9960bf19c7a3f395bb5a3a3a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 09:42:53 +0000 Subject: [PATCH 10/24] update openkylin_list.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- openkylin_list.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openkylin_list.yaml b/openkylin_list.yaml index be376cef..f5862baf 100644 --- a/openkylin_list.yaml +++ b/openkylin_list.yaml @@ -56,7 +56,7 @@ cve: - CVE-2022-2274 - CVE-2022-3602 - CVE-2023-25136 - - CVE-2023-0215 + - CVE-2022-0778 libxml2: - CVE-2020-24977 - CVE-2021-3517 -- Gitee From 40f8462fafd645a353efd281d03bb5c0837ed0cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 09:43:36 +0000 Subject: [PATCH 11/24] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/openssl/2023/=20CVE-2023-0215?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/openssl/2023/ CVE-2023-0215/README.md | 1 - 1 file changed, 1 deletion(-) delete mode 100644 cve/openssl/2023/ CVE-2023-0215/README.md diff --git a/cve/openssl/2023/ CVE-2023-0215/README.md b/cve/openssl/2023/ CVE-2023-0215/README.md deleted file mode 100644 index ac044e5e..00000000 --- a/cve/openssl/2023/ CVE-2023-0215/README.md +++ /dev/null @@ -1 +0,0 @@ -R \ No newline at end of file -- Gitee From e999058962ac212aa57f25501d766b2b9cb84fad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 09:44:15 +0000 Subject: [PATCH 12/24] =?UTF-8?q?=E9=87=8D=E5=91=BD=E5=90=8D=20cve/openssl?= =?UTF-8?q?/2023/yaml/CVE-2023-0215.yaml=20=E4=B8=BA=20cve/openssl/2023/ya?= =?UTF-8?q?ml/CVE-2022-0778.yaml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/openssl/2023/yaml/{CVE-2023-0215.yaml => CVE-2022-0778.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename cve/openssl/2023/yaml/{CVE-2023-0215.yaml => CVE-2022-0778.yaml} (100%) diff --git a/cve/openssl/2023/yaml/CVE-2023-0215.yaml b/cve/openssl/2023/yaml/CVE-2022-0778.yaml similarity index 100% rename from cve/openssl/2023/yaml/CVE-2023-0215.yaml rename to cve/openssl/2023/yaml/CVE-2022-0778.yaml -- Gitee From ed0310c4f6b0c38fdca9fa35a139ce41adf4f92f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 09:50:58 +0000 Subject: [PATCH 13/24] update cve/openssl/2023/yaml/CVE-2022-0778.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- cve/openssl/2023/yaml/CVE-2022-0778.yaml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/cve/openssl/2023/yaml/CVE-2022-0778.yaml b/cve/openssl/2023/yaml/CVE-2022-0778.yaml index c7ec25d1..37930087 100644 --- a/cve/openssl/2023/yaml/CVE-2022-0778.yaml +++ b/cve/openssl/2023/yaml/CVE-2022-0778.yaml @@ -1,20 +1,19 @@ -id: CVE-2023-0215 -source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215 +id: CVE-2022-0778 +source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778 info: name: OpenSSL是Openssl团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 - severity: Moderate - description: | - The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected. + severity: High + description: 漏洞出自BN_mod_sqrt()接口函数,它用于计算模平方根,且期望参数p应该是个质数,但是函数内并没有进行检查,这导致内部可能出现无限循环。 scope-of-influence: - The OpenSSL cms and smime command line applications are similarly affected. + Openssl Openssl 3.0.0 reference: - - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb - - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344 + - https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf + - https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 - cve-id: CVE-2023-0215 - cwe-id: CWE-416 + cve-id: CVE-2022-0778 + cwe-id: CWE-835 cnvd-id: None kve-id: None tags: 漏洞标签 \ No newline at end of file -- Gitee From e702a14927cc0d2b17088f2953916762becbbefd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 09:51:40 +0000 Subject: [PATCH 14/24] add cve/openssl/2022/yaml/CVE-2022-0778.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- cve/openssl/2022/yaml/CVE-2022-0778.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/openssl/2022/yaml/CVE-2022-0778.yaml diff --git a/cve/openssl/2022/yaml/CVE-2022-0778.yaml b/cve/openssl/2022/yaml/CVE-2022-0778.yaml new file mode 100644 index 00000000..e69de29b -- Gitee From fb2629057921df6b52d2e2e19a30a88ed4e2d520 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 09:52:03 +0000 Subject: [PATCH 15/24] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/openssl/2023/yaml/CVE-2022-0778.yaml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/openssl/2023/yaml/CVE-2022-0778.yaml | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 cve/openssl/2023/yaml/CVE-2022-0778.yaml diff --git a/cve/openssl/2023/yaml/CVE-2022-0778.yaml b/cve/openssl/2023/yaml/CVE-2022-0778.yaml deleted file mode 100644 index 37930087..00000000 --- a/cve/openssl/2023/yaml/CVE-2022-0778.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: CVE-2022-0778 -source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778 -info: - name: OpenSSL是Openssl团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 - severity: High - description: 漏洞出自BN_mod_sqrt()接口函数,它用于计算模平方根,且期望参数p应该是个质数,但是函数内并没有进行检查,这导致内部可能出现无限循环。 - scope-of-influence: - Openssl Openssl 3.0.0 - reference: - - https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf - - https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H - cvss-score: 7.5 - cve-id: CVE-2022-0778 - cwe-id: CWE-835 - cnvd-id: None - kve-id: None - tags: 漏洞标签 \ No newline at end of file -- Gitee From db76e5de79d0602430eb423fa3a5f329131f2ace Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 09:52:20 +0000 Subject: [PATCH 16/24] update cve/openssl/2022/yaml/CVE-2022-0778.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- cve/openssl/2022/yaml/CVE-2022-0778.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/cve/openssl/2022/yaml/CVE-2022-0778.yaml b/cve/openssl/2022/yaml/CVE-2022-0778.yaml index e69de29b..9bc94f76 100644 --- a/cve/openssl/2022/yaml/CVE-2022-0778.yaml +++ b/cve/openssl/2022/yaml/CVE-2022-0778.yaml @@ -0,0 +1,19 @@ +id: CVE-2022-0778 +source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778 +info: + name: OpenSSL是Openssl团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 + severity: High + description: 漏洞出自BN_mod_sqrt()接口函数,它用于计算模平方根,且期望参数p应该是个质数,但是函数内并没有进行检查,这导致内部可能出现无限循环。 + scope-of-influence: + Openssl Openssl 3.0.0 + reference: + - https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf + - https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + cvss-score: 7.5 + cve-id: CVE-2022-0778 + cwe-id: CWE-835 + cnvd-id: None + kve-id: None + tags: 漏洞标签 \ No newline at end of file -- Gitee From 3fea4fdac74bca1ee644edc83faf718861b806eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 09:56:04 +0000 Subject: [PATCH 17/24] update cve/openssl/2022/CVE-2022-0778/README.md. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- cve/openssl/2022/CVE-2022-0778/README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/cve/openssl/2022/CVE-2022-0778/README.md b/cve/openssl/2022/CVE-2022-0778/README.md index e69de29b..e1f2ac0a 100644 --- a/cve/openssl/2022/CVE-2022-0778/README.md +++ b/cve/openssl/2022/CVE-2022-0778/README.md @@ -0,0 +1,7 @@ + +The prerequisite is having installed gcc and a vulnerable version of OpenSSL. + +For the bug in BN_mod_sqrt(): compile with gcc -o my_bad_sqrt my_bad_sqrt.c -lcrypto, run ./my_bad_sqrt + +With a certificate: run openssl x509 -in certs/cert.der.new -inform DER -text -noout + -- Gitee From ccf411e2f5d62a73b2749369106bb44ae33c5874 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 09:57:20 +0000 Subject: [PATCH 18/24] add cve/openssl/2022/CVE-2022-0778/bad_BN.c. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- cve/openssl/2022/CVE-2022-0778/bad_BN.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 cve/openssl/2022/CVE-2022-0778/bad_BN.c diff --git a/cve/openssl/2022/CVE-2022-0778/bad_BN.c b/cve/openssl/2022/CVE-2022-0778/bad_BN.c new file mode 100644 index 00000000..34247ac8 --- /dev/null +++ b/cve/openssl/2022/CVE-2022-0778/bad_BN.c @@ -0,0 +1,22 @@ +#include + + +int main() { + BN_CTX *ctx; + ctx = BN_CTX_new(); + BIGNUM *res, *a, *p; + res = BN_CTX_get(ctx); + a = BN_CTX_get(ctx); + p = BN_CTX_get(ctx); + + BN_dec2bn(&p, "697"); + BN_dec2bn(&a, "696"); + + printf("p = %s\n", BN_bn2dec(p)); + printf("a = %s\n", BN_bn2dec(a)); + + BIGNUM* check = BN_mod_sqrt(res, a, p, ctx); + printf("%s\n", BN_bn2dec(res)); + + return 0; +} \ No newline at end of file -- Gitee From 53639d786c76a5cd6d6245405fea1411c10980ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 09:57:56 +0000 Subject: [PATCH 19/24] update cve/openssl/2022/CVE-2022-0778/README.md. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- cve/openssl/2022/CVE-2022-0778/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cve/openssl/2022/CVE-2022-0778/README.md b/cve/openssl/2022/CVE-2022-0778/README.md index e1f2ac0a..9f84b88a 100644 --- a/cve/openssl/2022/CVE-2022-0778/README.md +++ b/cve/openssl/2022/CVE-2022-0778/README.md @@ -1,7 +1,7 @@ The prerequisite is having installed gcc and a vulnerable version of OpenSSL. -For the bug in BN_mod_sqrt(): compile with gcc -o my_bad_sqrt my_bad_sqrt.c -lcrypto, run ./my_bad_sqrt +For the bug in BN_mod_sqrt(): compile with gcc -o bad_BN bad_BN.c -lcrypto, run ./bad_BN With a certificate: run openssl x509 -in certs/cert.der.new -inform DER -text -noout -- Gitee From 1256626d4906ce721957ed35912649af3988fcfb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 09:58:43 +0000 Subject: [PATCH 20/24] update cve/openssl/2022/CVE-2022-0778/README.md. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- cve/openssl/2022/CVE-2022-0778/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/cve/openssl/2022/CVE-2022-0778/README.md b/cve/openssl/2022/CVE-2022-0778/README.md index 9f84b88a..a17bc663 100644 --- a/cve/openssl/2022/CVE-2022-0778/README.md +++ b/cve/openssl/2022/CVE-2022-0778/README.md @@ -5,3 +5,4 @@ For the bug in BN_mod_sqrt(): compile with gcc -o bad_BN bad_BN.c -lcrypto, run With a certificate: run openssl x509 -in certs/cert.der.new -inform DER -text -noout +REF: https://github.com/drago-96/CVE-2022-0778 \ No newline at end of file -- Gitee From e818d94dbe5db4f1cabac17888566374e9cd31b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Sun, 12 Mar 2023 10:01:05 +0000 Subject: [PATCH 21/24] update cve/openssl/2022/CVE-2022-0778/README.md. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- cve/openssl/2022/CVE-2022-0778/README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/cve/openssl/2022/CVE-2022-0778/README.md b/cve/openssl/2022/CVE-2022-0778/README.md index a17bc663..58c70fbb 100644 --- a/cve/openssl/2022/CVE-2022-0778/README.md +++ b/cve/openssl/2022/CVE-2022-0778/README.md @@ -1,8 +1,6 @@ The prerequisite is having installed gcc and a vulnerable version of OpenSSL. -For the bug in BN_mod_sqrt(): compile with gcc -o bad_BN bad_BN.c -lcrypto, run ./bad_BN - -With a certificate: run openssl x509 -in certs/cert.der.new -inform DER -text -noout +POC of BN_mod_sqrt(): compile with gcc -o bad_BN bad_BN.c -lcrypto, run ./bad_BN REF: https://github.com/drago-96/CVE-2022-0778 \ No newline at end of file -- Gitee From 9f7c725259e50d9d4f162facca1b87e6c535d74a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Mon, 13 Mar 2023 03:04:20 +0000 Subject: [PATCH 22/24] update cve/openssl/2022/yaml/CVE-2022-0778.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- cve/openssl/2022/yaml/CVE-2022-0778.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/cve/openssl/2022/yaml/CVE-2022-0778.yaml b/cve/openssl/2022/yaml/CVE-2022-0778.yaml index 9bc94f76..8dacde19 100644 --- a/cve/openssl/2022/yaml/CVE-2022-0778.yaml +++ b/cve/openssl/2022/yaml/CVE-2022-0778.yaml @@ -1,14 +1,12 @@ id: CVE-2022-0778 -source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778 +source: https://github.com/drago-96/CVE-2022-0778 info: name: OpenSSL是Openssl团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 severity: High description: 漏洞出自BN_mod_sqrt()接口函数,它用于计算模平方根,且期望参数p应该是个质数,但是函数内并没有进行检查,这导致内部可能出现无限循环。 - scope-of-influence: - Openssl Openssl 3.0.0 + scope-of-influence: Openssl 3.0.0 reference: - https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf - - https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 @@ -16,4 +14,4 @@ info: cwe-id: CWE-835 cnvd-id: None kve-id: None - tags: 漏洞标签 \ No newline at end of file + tags: 拒绝服务 \ No newline at end of file -- Gitee From 76a7836a0103bb057d18dc81175ad78ef61e7fba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Mon, 13 Mar 2023 06:14:48 +0000 Subject: [PATCH 23/24] update cve/openssl/2022/yaml/CVE-2022-0778.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- cve/openssl/2022/yaml/CVE-2022-0778.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cve/openssl/2022/yaml/CVE-2022-0778.yaml b/cve/openssl/2022/yaml/CVE-2022-0778.yaml index 8dacde19..86c1d69a 100644 --- a/cve/openssl/2022/yaml/CVE-2022-0778.yaml +++ b/cve/openssl/2022/yaml/CVE-2022-0778.yaml @@ -4,7 +4,7 @@ info: name: OpenSSL是Openssl团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 severity: High description: 漏洞出自BN_mod_sqrt()接口函数,它用于计算模平方根,且期望参数p应该是个质数,但是函数内并没有进行检查,这导致内部可能出现无限循环。 - scope-of-influence: Openssl 3.0.0 + scope-of-influence: Openssl 1.0.2, 1.1.1 和 3.0 版本 reference: - https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf classification: -- Gitee From 670d0fe4bb8cabd53b77f35845aa7a85c738a67c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BC=8A=E6=98=BE=E7=BA=AF?= Date: Mon, 13 Mar 2023 06:16:30 +0000 Subject: [PATCH 24/24] update cve/openssl/2022/yaml/CVE-2022-0778.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 伊显纯 --- cve/openssl/2022/yaml/CVE-2022-0778.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cve/openssl/2022/yaml/CVE-2022-0778.yaml b/cve/openssl/2022/yaml/CVE-2022-0778.yaml index 86c1d69a..b571f37c 100644 --- a/cve/openssl/2022/yaml/CVE-2022-0778.yaml +++ b/cve/openssl/2022/yaml/CVE-2022-0778.yaml @@ -14,4 +14,4 @@ info: cwe-id: CWE-835 cnvd-id: None kve-id: None - tags: 拒绝服务 \ No newline at end of file + tags: 不可达退出条件的循环(无限循环) \ No newline at end of file -- Gitee