OpenSSL Out-of-Bounds Read Vulnerability in Email Validation

Vulnerability

A vulnerability exists in OpenSSL 4.0 that allows for an out-of-bounds read when the function X509_VERIFY_PARAM_set1_email is used to validate a crafted email address. This issue can occur during S/MIME message validation, potentially leading to a crash and causing a denial-of-service condition. The vulnerability arises because an internal helper function used in the email validation process applies an incorrect length, which can result in the 64-octet limit on the local part of the email address not being properly enforced. As a consequence, the validation process may either fail to restrict the length appropriately or cause an out-of-bounds read that could be exploited to crash the application.
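
The bug class described above is a length check applied over the wrong extent. As an added illustration (not OpenSSL's own code), the following C routine enforces the 64-octet local-part limit while confining every read to the caller-supplied buffer length, so a missing or misplaced '@' can never drive a read past the end of the input; the function names and the "example.com" sample are assumptions.

```c
/* Added example: bounded local-part length check (not OpenSSL code). */
#include <stddef.h>
#include <string.h>

#define LOCAL_PART_MAX 64  /* RFC 5321 limit on the local part of a mailbox */

/*
 * Returns 1 if 'email' (exactly 'len' octets, not assumed NUL-terminated)
 * contains an '@', a local part of 1..LOCAL_PART_MAX octets, and a
 * non-empty domain; returns 0 otherwise.
 * Every read is confined to email[0 .. len-1]: the '@' search is bounded
 * by 'len', and only the distance to the '@' is used as the local-part
 * length, never the length of the whole string or an unrelated buffer.
 */
int local_part_length_ok(const unsigned char *email, size_t len)
{
    const unsigned char *at;
    size_t local_len;

    if (email == NULL || len == 0)
        return 0;
    at = memchr(email, '@', len);      /* bounded search, never past len */
    if (at == NULL)
        return 0;
    local_len = (size_t)(at - email);  /* octets before the '@' */
    if (local_len == 0 || local_len > LOCAL_PART_MAX)
        return 0;
    if (local_len + 1 >= len)          /* nothing after the '@': no domain */
        return 0;
    return 1;
}

/* Convenience wrapper for a NUL-terminated C string. */
int local_part_length_ok_str(const char *email)
{
    if (email == NULL)
        return 0;
    return local_part_length_ok((const unsigned char *)email, strlen(email));
}

/* Builds "aaa...a@example.com" with n 'a's (constructed sample input) and checks it. */
int check_synthetic_local_part(size_t n)
{
    unsigned char buf[128 + sizeof("@example.com")];

    if (n > 128)
        return 0;
    memset(buf, 'a', n);
    memcpy(buf + n, "@example.com", sizeof("@example.com") - 1);
    return local_part_length_ok(buf, n + sizeof("@example.com") - 1);
}
```

Passing the exact input length rather than relying on a terminator is what makes the boundary cases (64 accepted, 65 rejected, no '@' rejected) safe on raw S/MIME header bytes.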

Impact

Exploitation of this vulnerability causes an out-of-bounds read that can lead to a crash, creating a denial-of-service condition.

Reproduction

To reproduce this vulnerability, send an S/MIME message that includes a crafted 'From:' address designed to bypass the email length validation. When the recipient's application processes the S/MIME message, the X509_VERIFY_PARAM_set1_email function will be called, triggering the out-of-bounds read.

Remediation

Users of OpenSSL 4.0 should upgrade to OpenSSL 4.0.1.

Added: Jun 9, 2026, 8:00 PM
Updated: Jun 9, 2026, 8:00 PM

Vulnerability Rating

Custom Algorithm

  spread          8.6
  impact          3.1
  exploitability  7.7
  remediation     7.7
  relevance       9.6
  threat          4.8
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.