OpenSSL PKCS#7 Use-After-Free Vulnerability in Signature Verification Allowing Heap Corruption and Potential Remote Code Execution

Vulnerability

A use-after-free vulnerability has been identified in OpenSSL's PKCS#7 signature verification process. This issue arises when processing a specially crafted PKCS#7 or S/MIME signed message that includes an empty ASN.1 SET in the SignedData digestAlgorithms field. The flaw causes OpenSSL to incorrectly free a caller-owned BIO, leading to a use-after-free condition when the application later attempts to use the BIO. This vulnerability can result in process crashes, heap corruption, or potentially allow for remote code execution, depending on the application's BIO usage patterns and the behavior of the memory allocator.

Impact

Exploitation of this vulnerability can cause process crashes, heap memory corruption, or, in some application contexts, remote code execution.

Reproduction

To reproduce this vulnerability, an application must process PKCS#7 or S/MIME signed messages using the OpenSSL PKCS#7 APIs. The signed message must be crafted to include an empty ASN.1 SET in the SignedData digestAlgorithms field. When the message is processed with PKCS7_verify(), OpenSSL will incorrectly free a BIO that the caller owns. If the application subsequently calls BIO_free() on that BIO, it will create a use-after-free condition. This can lead to a crash or other memory corruption, and in some cases, could be exploited for remote code execution.
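The malformed structure described above can be flagged before a message is handed to PKCS7_verify(). The Python check below is an added example, not code from OpenSSL or from this advisory, and all of its helper names are hypothetical. It assumes the input is the already base64-decoded, definite-length (DER) ContentInfo; BER indefinite-length input is rejected with ValueError rather than parsed.

```python
"""Flag a PKCS#7 SignedData whose digestAlgorithms SET is empty (DER input only)."""

OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2

def read_tlv(buf):
    """Split one definite-length TLV off buf; return (tag, value, rest)."""
    if len(buf) < 2:
        raise ValueError("truncated TLV header")
    tag, first, hdr = buf[0], buf[1], 2
    if first & 0x80:                       # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or len(buf) < 2 + n:
            raise ValueError("indefinite, oversized or truncated length")
        length, hdr = int.from_bytes(buf[2:2 + n], "big"), 2 + n
    else:
        length = first
    if len(buf) < hdr + length:
        raise ValueError("TLV value overruns buffer")
    return tag, buf[hdr:hdr + length], buf[hdr + length:]

def expect(buf, want_tag, what):
    """Read one TLV and insist on its tag; return (value, rest)."""
    tag, value, rest = read_tlv(buf)
    if tag != want_tag:
        raise ValueError(f"expected {what}, got tag 0x{tag:02x}")
    return value, rest

def has_empty_digest_algorithms(der):
    """True if der is a signedData ContentInfo with zero digestAlgorithms entries."""
    content_info, _ = expect(der, 0x30, "ContentInfo SEQUENCE")
    tag, oid, rest = read_tlv(content_info)
    if tag != 0x06 or oid != OID_SIGNED_DATA:
        return False                       # some other PKCS#7 content type
    explicit, _ = expect(rest, 0xA0, "[0] EXPLICIT content")
    signed_data, _ = expect(explicit, 0x30, "SignedData SEQUENCE")
    _version, rest = expect(signed_data, 0x02, "version INTEGER")
    digest_algs, _ = expect(rest, 0x31, "digestAlgorithms SET")
    return len(digest_algs) == 0

def tlv(tag, value):
    """Encode a short-form TLV (value under 128 bytes); for samples only."""
    return bytes([tag, len(value)]) + value

def sample(digest_algs):
    """Constructed skeleton: ContentInfo up to digestAlgorithms, nothing after it."""
    signed = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, digest_algs))
    return tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, signed))
```

A True result or a ValueError are both reasons to quarantine the message instead of passing it to the verifier.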

Remediation

Users of OpenSSL 4.0 should upgrade to OpenSSL 4.0.1. Users of OpenSSL 3.6 should upgrade to OpenSSL 3.6.3. Users of OpenSSL 3.5 should upgrade to OpenSSL 3.5.7. Users of OpenSSL 3.4 should upgrade to OpenSSL 3.4.6. Users of OpenSSL 3.0 should upgrade to OpenSSL 3.0.21. Users of OpenSSL 1.1.1 should upgrade to OpenSSL 1.1.1zh (premium support customers only). Users of OpenSSL 1.0.2 should upgrade to OpenSSL 1.0.2zq (premium support customers only).

Added: Jun 9, 2026, 7:09 PM
Updated: Jun 9, 2026, 7:09 PM

Vulnerability Rating

Custom Algorithm

spread: 8.6
impact: 7.5
exploitability: 7.8
remediation: 7.7
relevance: 9.3
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.