Use-after-free following BIO_new_NDEF
CVE-2023-0215

7.5HIGH

Key Information:

Vendor: OpenSSL
Status: OpenSSL
Vendor: CVE Published:; 8 February 2023

Summary

A use-after-free vulnerability exists in the OpenSSL library's BIO_new_NDEF function. This flaw can be triggered under specific conditions, such as when an invalid CMS recipient public key is used. The BIO_new_NDEF function creates a new BIO chain and returns it while failing to properly clean up in the event of an error. This oversight allows for the original BIO to maintain pointers to a freed filter BIO. If an application subsequently calls BIO_pop() on the original BIO, it can lead to a crash, impacting various public API functions and command line utilities that rely on these BIO operations.

Affected Version(s)

OpenSSL 3.0.0 < 3.0.8

OpenSSL 1.1.1 < 1.1.1t

OpenSSL 1.0.2 < 1.0.2zg

References

https://www.openssl.org/news/secadv/20230207.txt

vendor-advisory

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdif...

patch

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdif...

patch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 8, 2023
Vulnerability Reserved
Jan 11, 2023

Credit

Octavio Galland (Max Planck Institute for Security and Privacy)

Marcel Böhme (Max Planck Institute for Security and Privacy)

Viktor Dukhovni

Matt Caswell