OpenSSL 3.0 Critical Patch Released

Two high severity security vulnerabilities affecting OpenSSL were made public, which were the issues that led to Fedora 37 being delayed to mid November to allow the release images have mitigated OpenSSL packages.

The OpenSSL vulnerabilities are an X.509 email address 4-byte buffer overflow (CVE-2022-3602) and an X.509 email address variable length buffer overflow (CVE-2022-3786).

Both vulnerabilities pertain to buffer overruns within the X.509 certificate verification. CVE-2022-3602 is the vulnerability originally deemed “critical” and what led to the delayed Fedora 37 and the like. However, on further analysis they decided to downgrade it to “high” severity.

DataDog Security Labs released a PoC for the bug

Punycode is a method to express non-ASCII characters in domain names. As DNS have to use ASCII-only characters, Punycode was introduced to encode non-ASCII characters. The encoding is not trivial. Punycode domain names start with “xn--” followed by the English characters, another dash, and finally, the non-ASCII characters encoded as ASCII characters.

For an instance, the Punycode domain “xn--govindex-634g.biz” would be displayed as “gov/index.biz” in browsers. “634g” represents the / character and the location where it will be inserted.

Current versions of OpenSSL 3.0 and 1.1.1 support identical cipher suites and digests/ciphers. Passive fingerprinting may be possible, Standard fingerprinting techniques are affected by how applications use either library and are often a better indicator for the application vs. the library version.

Currently, there are two production versions of OpenSSL available:

• OpenSSL 1.1.1 – not vulnerable, supported until Sept. 11th, 2023. Latest version: 1.1.1s 
• OpenSSL 3.0.x – vulnerable if x < 7, supported until Sept. 7th, 2026. The latest version is 3.0.7 (note that 3.0.6 was released but removed quickly after it was released due to a bug)
• OpenSSL 3.1 – not available yet.

OpenSSL 3.0.7 is available with the fixes.