OpenSSL
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*
- ~3.6
- ~3.5
- ~3.4
- ~3.3
- ~3.0
A potential use-after-free and double-free vulnerability has been identified in OpenSSL clients that perform DANE TLSA-based server authentication. This issue arises from an uncommon combination of client configuration and server DANE TLSA records: it affects only clients that enable TLSA records with the PKIX-TA(0)/PKIX-EE(1) certificate usages in addition to DANE-TA(2), and it is reached when such a client connects to a server whose TLSA RRset contains both types of records. The vulnerability could lead to data corruption, application crashes, or arbitrary code execution; it does not impact OpenSSL's FIPS modules.
Exploitation of this vulnerability can result in a use-after-free condition, which may lead to data corruption, application crashes, or execution of arbitrary code.
To reproduce this vulnerability, a client must be configured to use DANE TLSA-based authentication with both PKIX and DANE-TA certificate usages enabled, and must connect to a server that publishes a TLSA RRset containing records of both kinds. This combination is rare: most DANE deployments, particularly in SMTP, follow RFC 7672, which treats TLSA records with the PKIX-TA(0) and PKIX-EE(1) usages as 'unusable', so servers seldom publish them.
Users of OpenSSL 3.6 should upgrade to OpenSSL 3.6.2. Users of OpenSSL 3.5 should upgrade to OpenSSL 3.5.6. Users of OpenSSL 3.4 should upgrade to OpenSSL 3.4.5. Users of OpenSSL 3.3 should upgrade to OpenSSL 3.3.7. Users of OpenSSL 3.0 should upgrade to OpenSSL 3.0.20.
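An added example (not part of the advisory and not OpenSSL project code) showing two checks a defender can run against the conditions described above: parse a server's TLSA RRset in presentation format and flag the mix of PKIX-TA(0)/PKIX-EE(1) with DANE-TA(2) records, and compare a reported OpenSSL version against the fixed release for its branch. The usage, selector and matching-type values follow RFC 6698; the fixed-version table is taken from the advisory; the sample records and digests are constructed placeholders.

```python
"""Added example (not from the advisory or the OpenSSL project): audit a TLSA
RRset for the PKIX + DANE-TA mix the advisory describes, and check whether a
reported OpenSSL version is below the fixed release for its branch."""
import re
from dataclasses import dataclass

# TLSA certificate usages (RFC 6698 values, RFC 7218 acronyms).
USAGE_NAMES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
PKIX_USAGES = {0, 1}

# Fixed releases per branch, as listed in the advisory.
FIXED_VERSIONS = {
    (3, 6): (3, 6, 2),
    (3, 5): (3, 5, 6),
    (3, 4): (3, 4, 5),
    (3, 3): (3, 3, 7),
    (3, 0): (3, 0, 20),
}


@dataclass(frozen=True)
class TLSARecord:
    usage: int
    selector: int
    matching_type: int
    data: bytes


def parse_tlsa_rdata(text: str) -> TLSARecord:
    """Parse presentation-format TLSA rdata: '<usage> <selector> <mtype> <hex>'."""
    parts = text.split()
    if len(parts) < 4:
        raise ValueError(f"malformed TLSA rdata: {text!r}")
    usage, selector, mtype = (int(p) for p in parts[:3])
    # Zone files may split the hex field across whitespace; rejoin it.
    data = bytes.fromhex("".join(parts[3:]))
    for field, value, maximum in (("usage", usage, 3), ("selector", selector, 1),
                                   ("matching type", mtype, 2)):
        if not 0 <= value <= maximum:
            raise ValueError(f"TLSA {field} out of range: {value}")
    # Matching type 1 is a SHA2-256 digest, 2 is SHA2-512; 0 is the full object.
    expected_len = {1: 32, 2: 64}.get(mtype)
    if expected_len is not None and len(data) != expected_len:
        raise ValueError(f"matching type {mtype} expects {expected_len} bytes, got {len(data)}")
    return TLSARecord(usage, selector, mtype, data)


def classify_rrset(records) -> dict:
    """Report the usages present and whether PKIX-TA/PKIX-EE records sit
    alongside a DANE-TA(2) record, the combination the advisory describes."""
    usages = {r.usage for r in records}
    has_pkix = bool(usages & PKIX_USAGES)
    has_dane_ta = 2 in usages
    return {
        "usages": sorted(USAGE_NAMES[u] for u in usages),
        "mixed_pkix_and_dane_ta": has_pkix and has_dane_ta,
    }


def needs_upgrade(version_text: str):
    """True if the version is below the fixed release of its branch, False if
    it is at or above it, None if the branch is not one the advisory lists."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError(f"no version number in {version_text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return None
    return (major, minor, patch) < fixed


if __name__ == "__main__":
    # Constructed sample RRset; the digests are placeholder bytes, not real certificates.
    sample = [
        parse_tlsa_rdata("2 1 1 " + "ab" * 32),
        parse_tlsa_rdata("1 0 1 " + "cd" * 32),
    ]
    print(classify_rrset(sample))
    print(needs_upgrade("OpenSSL 3.0.13 30 Jan 2024"))
```

`needs_upgrade` returns `None` for branches the advisory does not list (for example 1.1.1 or 3.2), so that a version outside the table is reported as "not covered here" rather than silently treated as safe; `classify_rrset` only detects the RRset mix, which matters when a client is also configured to accept the PKIX usages.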