OpenSSL Double-Free Vulnerability in OCSP Stapling Can Lead to Heap Corruption

Vulnerability

A double-free vulnerability has been identified in OpenSSL versions 4.0 and 3.6, when TLS clients verify OCSP stapled responses from malicious servers. This vulnerability occurs if OCSP stapling is enabled, which is not the default setting. The crafted response triggers a double-free in the client's certificate verification process, corrupting heap memory. While reliably executing code through this double-free is complex and highly dependent on the environment, the vulnerability straightforwardly causes a denial-of-service condition by crashing the application. Notably, this issue does not affect any OpenSSL FIPS modules, as the problematic code lies outside the FIPS module boundary.

Impact

Exploitation of this vulnerability leads to a heap memory corruption via a double-free, causing a denial-of-service condition. Additionally, such double-free vulnerabilities can sometimes be exploited to execute arbitrary code, depending on the environment.

Reproduction

To reproduce this vulnerability, a TLS client must connect to a server that delivers a maliciously crafted OCSP stapled response through the status_request extension. This response should be designed to trigger a double-free in the client's certificate verification path. The vulnerability can be tested by enabling OCSP stapling on the client and observing the application's behavior when the crafted response is processed.

Remediation

Users of OpenSSL 4.0 should upgrade to OpenSSL 4.0.1, and users of OpenSSL 3.6 should upgrade to OpenSSL 3.6.3.
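A helper for triaging a fleet against this advisory, added here as an example and not part of the advisory itself. It parses an OpenSSL version banner (such as `ssl.OPENSSL_VERSION` or the output of `openssl version`), compares it against the fixed releases named above, and reports whether a client build is actually exposed, which also requires client-side OCSP stapling to be enabled. It assumes that every 4.0.x build below 4.0.1 and every 3.6.x build below 3.6.3 is affected; the sample banner is constructed.

```python
import re
import ssl

# Fixed releases named in the advisory, keyed by affected branch.
# Assumption: every build in a branch below its fix is affected.
FIXED_RELEASES = {(4, 0): (4, 0, 1), (3, 6): (3, 6, 3)}


def parse_openssl_version(banner):
    """Return (major, minor, patch) from a banner like 'OpenSSL 3.6.2 10 Feb 2026'.

    Raises ValueError for non-OpenSSL banners (e.g. LibreSSL) so the caller
    does not silently treat an unknown library as unaffected.
    """
    match = re.search(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)", banner)
    if match is None:
        raise ValueError(f"unrecognised OpenSSL version banner: {banner!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version):
    """True if the version is in an affected branch and older than its fix."""
    fixed = FIXED_RELEASES.get(version[:2])
    return fixed is not None and version < fixed


def assess_client(banner, ocsp_stapling_enabled):
    """Classify a TLS client build for this advisory.

    ocsp_stapling_enabled: whether the client requests/verifies stapled OCSP
    responses (the status_request extension); it is off by default, and the
    double-free is only reachable when it is on.
    """
    version = parse_openssl_version(banner)
    if not is_affected(version):
        return "not affected"
    target = ".".join(str(n) for n in FIXED_RELEASES[version[:2]])
    if not ocsp_stapling_enabled:
        return f"affected build, not exposed (OCSP stapling off); upgrade to {target}"
    return f"exposed: client OCSP stapling on; upgrade to {target} now"


if __name__ == "__main__":
    # Check the OpenSSL that Python itself is linked against (stapling state
    # is not visible from the ssl module, so it is passed in explicitly).
    print(ssl.OPENSSL_VERSION, "->", assess_client(ssl.OPENSSL_VERSION, False))
```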

Added: Jun 9, 2026, 8:29 PM
Updated: Jun 9, 2026, 8:29 PM

Vulnerability Rating (Custom Algorithm)

spread:          8.6
impact:          2.5
exploitability:  8.0
remediation:     8.3
relevance:       9.3
threat:          4.8
urgency:         2.9
incentive:       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.