openCryptoki
cpe:2.3:a:opencryptoki_project:opencryptoki:*:*:*:*:*:*:*
- 3.25.0
- 3.26.0
A heap buffer overflow vulnerability has been identified in openCryptoki versions 3.25.0 and 3.26.0. The issue arises in the CKM_ECDH_AES_KEY_WRAP mechanism, where the buffer size for wrapped key data is incorrectly calculated when a compressed EC public key is used. This miscalculation can lead to out-of-bounds writes, causing heap corruption or a denial-of-service condition in the host process.
Exploitation of this vulnerability results in a heap buffer overflow, allowing for out-of-bounds writes that can corrupt heap memory. Such heap corruption can lead to memory management errors, potentially allowing for arbitrary code execution or causing a denial-of-service by crashing the application.
To reproduce this vulnerability, create or import an EC key pair with the public key stored in compressed form. Then, invoke the C_WrapKey function using the CKM_ECDH_AES_KEY_WRAP mechanism. The second call to C_WrapKey will overwrite adjacent heap memory, demonstrating the buffer overflow.
Users should upgrade to an openCryptoki release in which this vulnerability has been fixed, such as the latest version.
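To find keys that meet the precondition described above (an EC public key stored in compressed form), a CKA_EC_POINT attribute value can be classified by its SEC1 lead byte and length. The C below is an added example, not openCryptoki code; the function names and the caller-supplied field length are assumptions, and the sample point is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum ec_form { EC_INVALID, EC_UNCOMPRESSED, EC_COMPRESSED, EC_HYBRID };

/* Classify a bare SEC1 point; flen is the curve's field size in bytes. */
static enum ec_form classify_raw(const uint8_t *p, size_t len, size_t flen)
{
    if (len == 0)
        return EC_INVALID;
    switch (p[0]) {
    case 0x02: case 0x03:               /* X only, Y parity in the lead byte */
        return len == flen + 1 ? EC_COMPRESSED : EC_INVALID;
    case 0x04:                          /* X || Y */
        return len == 2 * flen + 1 ? EC_UNCOMPRESSED : EC_INVALID;
    case 0x06: case 0x07:               /* X || Y plus parity */
        return len == 2 * flen + 1 ? EC_HYBRID : EC_INVALID;
    default:
        return EC_INVALID;
    }
}

/* Accepts a CKA_EC_POINT value either bare or as a DER OCTET STRING. */
enum ec_form classify_ec_point(const uint8_t *val, size_t len, size_t flen)
{
    enum ec_form f = classify_raw(val, len, flen);
    size_t hdr = 2, body, n, i;

    if (f != EC_INVALID || len < 2 || val[0] != 0x04)
        return f;
    body = val[1];
    if (val[1] & 0x80) {                /* long-form DER length */
        n = val[1] & 0x7f;
        if (n == 0 || n > 2 || len < 2 + n)
            return EC_INVALID;
        for (body = 0, i = 0; i < n; i++)
            body = (body << 8) | val[2 + i];
        hdr += n;
    }
    if (hdr + body != len)              /* header must cover the buffer exactly */
        return EC_INVALID;
    return classify_raw(val + hdr, body, flen);
}

int main(void)
{
    /* Constructed sample: DER-wrapped compressed P-256 point, X zeroed. */
    uint8_t pt[35] = { 0x04, 0x21, 0x02 };
    printf("form=%d\n", classify_ec_point(pt, sizeof pt, 32));
    return 0;
}
```

Keys reported as EC_COMPRESSED are the ones to review first on hosts still running an affected version.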