openCryptoki BER/DER Decoding Functions Out-of-Bounds Read Vulnerability

A memory safety vulnerability has been identified in openCryptoki, a PKCS#11 library for Linux and AIX, in versions through 3.26.0. The issue arises in the BER/DER decoding functions within the shared common library asn1.c. These functions accept a raw pointer without a corresponding buffer length parameter, allowing attacker-controlled length fields to be trusted without validation against actual buffer boundaries. This flaw affects all primitive decoders: ber_decode_INTEGER, ber_decode_SEQUENCE, ber_decode_OCTET_STRING, ber_decode_BIT_STRING, and ber_decode_CHOICE. The vulnerability can be exploited by supplying a malformed BER-encoded cryptographic object through various PKCS#11 operations, such as C_CreateObject or C_UnwrapKey, token loading from disk, or remote backend communication. All token backends are affected since the vulnerable code is in the shared common library.

Impact

Exploitation of this vulnerability leads to out-of-bounds reads, causing information disclosure. Additionally, ber_decode_INTEGER can experience integer underflows when the encoded length is zero, potentially allowing for further exploitation.

Reproduction

The vulnerability can be reproduced by crafting a BER-encoded object that exploits the length validation flaw in the decoding functions. This can be done by using the PKCS#11 functions C_CreateObject or C_UnwrapKey to import the malformed object, or by loading it from a file or a remote backend that communicates with the token.

Remediation

Users can update to openCryptoki version 3.26.1 or later, where this vulnerability has been patched.