Double free after calling PEM_read_bio_ex
CVE-2022-4450

7.5 HIGH

Key Information:

Vendor: OpenSSL
Status: Vendor
CVE Published: 8 February 2023

Summary

The vulnerability arises in the PEM_read_bio_ex() function of OpenSSL, which processes PEM files. If it encounters a malformed file resulting in 0 bytes of payload, it fails but still provides a pointer to a buffer that may have already been deallocated. When the caller attempts to free this buffer again, a double free condition occurs, potentially leading to application crashes. An attacker can exploit this vulnerability by supplying specially crafted PEM files, creating avenues for denial of service attacks. This issue also affects wrapper functions like PEM_read_bio() and PEM_read(), as well as other OpenSSL functions that indirectly call PEM_read_bio_ex().

Affected Version(s)

OpenSSL 3.0.0 < 3.0.8

OpenSSL 1.1.1 < 1.1.1t
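
A way to check a reported OpenSSL version string against the two affected ranges listed above. This is an added example, not code from OpenSSL or from this advisory; the function names are hypothetical and the sample version strings in the comments are constructed.

```python
import re
import ssl

# Matches "1.1.1s", "3.0.7", or the version inside "OpenSSL 1.1.1s  1 Nov 2022".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return (major, minor, patch, letter), or None if no version is found."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch, letter = m.groups()
    return int(major), int(minor), int(patch), letter


def affected_by_cve_2022_4450(text):
    """True if the version falls in a range this page lists as affected.

    Ranges used (from the page): 3.0.0 < 3.0.8 and 1.1.1 < 1.1.1t.
    Branches the page does not list are reported as not affected.
    """
    version = parse_openssl_version(text)
    if version is None:
        raise ValueError("no OpenSSL version found in: %r" % (text,))
    major, minor, patch, letter = version
    if (major, minor) == (3, 0):
        # 3.0.x uses plain numeric patch levels; the fix is in 3.0.8.
        return patch < 8
    if (major, minor, patch) == (1, 1, 1):
        # 1.1.1 uses letter releases: "" < "a" < ... < "s" < "t" (fixed).
        return letter < "t"
    return False


if __name__ == "__main__":
    # Checks the OpenSSL build that this Python interpreter is linked against.
    reported = ssl.OPENSSL_VERSION
    print(reported, "->", "affected" if affected_by_cve_2022_4450(reported)
          else "not in a listed affected range")
```

Distribution packages often backport fixes without changing the upstream version string, so a match here means the vendor's own advisory for that package still needs to be checked.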

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CarpetFuzz
Dawei Wang
Marc Schönefeld
Kurt Roeckx
Matt Caswell