Real Time Logic SharkSSL Heap Buffer Overflow Vulnerability in TLS Server Handshake Processing

A heap buffer overflow vulnerability has been identified in Real Time Logic SharkSSL versions from May 5, 2024, in the server-side TLS handshake implementation. This vulnerability allows remote attackers to send malformed Client Hello messages that trigger the overflow, potentially leading to a segmentation fault and causing a denial-of-service condition on the server.

Impact

Exploitation of this vulnerability causes a heap buffer overflow, allowing remote attackers to read large regions of the SharkSSL TLS server's memory. This typically results in a segmentation fault, terminating the program and causing a denial-of-service condition where clients can no longer connect to the TLS server. In operational technology contexts, this disruption of availability can be particularly problematic.

Reproduction

The vulnerability can be reproduced by sending a malformed Client Hello message to a SharkSSL TLS server. This can be done using a tool that allows for the manipulation of TLS handshake messages, such as a custom script or a network testing tool that supports TLS. The SharkSSL server must be running a vulnerable version for the exploitation to be successful.

Remediation

Users can update to the version of SharkSSL that includes the patch for this vulnerability, which is available as of September 7, 2024.