openkylin
/
openkylin-exploit-db
mirror of https://gitee.com/openkylin/openkylin-exploit-db.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

update cve/openssl/2023/yaml/CVE-2022-0778.yaml. 

Signed-off-by: 伊显纯 <yixianchun@buaa.edu.cn>
This commit is contained in:
伊显纯 2023-03-12 09:50:58 +00:00 committed by Re3et
parent acc1f0fe7e
commit c9f5f0de80
1 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
cve/openssl/2023/yaml/CVE-2022-0778.yaml
View File

@ -1,20 +1,19 @@
id: CVE-2023-0215
source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
id: CVE-2022-0778
source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
info:
name: OpenSSL是Openssl团队的一个开源的能够实现安全套接层SSLv2/v3和安全传输层TLSv1协议的通用加密库。该产品支持多种加密算法包括对称密码、哈希算法、安全散列算法等。
severity: Moderate
description: |
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.
severity: High
description: 漏洞出自BN_mod_sqrt()接口函数它用于计算模平方根且期望参数p应该是个质数但是函数内并没有进行检查这导致内部可能出现无限循环。
scope-of-influence:
The OpenSSL cms and smime command line applications are similarly affected.
Openssl Openssl 3.0.0
reference:
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344
- https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 7.5
cve-id: CVE-2023-0215
cwe-id: CWE-416
cve-id: CVE-2022-0778
cwe-id: CWE-835
cnvd-id: None
kve-id: None
tags: 漏洞标签