-
-
Notifications
You must be signed in to change notification settings - Fork 9.9k
Commit
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
- Loading branch information
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,7 +9,23 @@ | |
|
||
Changes between 1.1.1s and 1.1.1t [xx XXX xxxx] | ||
|
||
*) | ||
*) Fixed a type confusion vulnerability relating to X.400 address processing | ||
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
paulidale
Contributor
|
||
but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This | ||
vulnerability may allow an attacker who can provide a certificate chain and | ||
CRL (neither of which need have a valid signature) to pass arbitrary | ||
pointers to a memcmp call, creating a possible read primitive, subject to | ||
some constraints. Refer to the advisory for more information. Thanks to | ||
David Benjamin for discovering this issue. (CVE-2023-0286) | ||
|
||
This issue has been fixed by changing the public header file definition of | ||
GENERAL_NAME so that x400Address reflects the implementation. It was not | ||
possible for any existing application to successfully use the existing | ||
definition; however, if any application references the x400Address field | ||
(e.g. in dead code), note that the type of this field has changed. There is | ||
no ABI change. | ||
|
||
[Hugo Landau] | ||
|
||
Changes between 1.1.1r and 1.1.1s [1 Nov 2022] | ||
|
||
|
Hi! I am a maintainer from Cloudlinux, Inc. Could you help me please to identify whether my version of openssl is vulnerable or not.
As I see,
CHANGES
message tells: "X.400 addresses were parsed as an ASN1_STRING". Can you actually point where it happens exactly (function name(s)/code fragment)? I would like to see whether they are parsed like this in my version or not.