OpenSSL Stack Buffer Overflow Vulnerability in CMS AuthEnvelopedData Parsing Allowing Denial-of-Service and Potential Remote Code Execution

A stack buffer overflow vulnerability has been identified in OpenSSL versions 3.6, 3.5, 3.4, 3.3, and 3.0, when parsing CMS AuthEnvelopedData messages that use AEAD ciphers like AES-GCM. The vulnerability arises because the Initialization Vector (IV) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without proper length validation. This oversight allows an attacker to craft a CMS message with an oversized IV, leading to a stack-based out-of-bounds write before any authentication or tag verification can occur. As a result, this vulnerability may cause a crash, leading to a denial-of-service condition, or potentially allow for remote code execution, depending on the platform and toolchain mitigations in place.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to memory corruption. This corruption typically results in a crash, causing a denial-of-service condition for the application. However, the memory corruption could also be exploited to execute arbitrary code, particularly if the application is running on a vulnerable platform without effective mitigations.

Reproduction

To reproduce this vulnerability, send a crafted CMS AuthEnvelopedData message that includes an oversized IV in the ASN.1 parameters. The message must use an AEAD cipher, such as AES-GCM. The vulnerability can be triggered before any authentication or tag verification occurs, allowing the oversized IV to cause a stack-based out-of-bounds write.

Remediation

Users of OpenSSL 3.6 should upgrade to OpenSSL 3.6.1. Users of OpenSSL 3.5 should upgrade to OpenSSL 3.5.5. Users of OpenSSL 3.4 should upgrade to OpenSSL 3.4.4. Users of OpenSSL 3.3 should upgrade to OpenSSL 3.3.6. Users of OpenSSL 3.0 should upgrade to OpenSSL 3.0.19.