Rapid7 Vulnerability & Exploit Database

OpenSSL vulnerability (CVE-2024-5535)

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
06/28/2024
Created
06/28/2024
Added
06/28/2024
Modified
07/01/2024

Description

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer.

Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application.

The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists).

This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case, if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a "no overlap" response (which would normally result in a handshake failure in ALPN), then it will be vulnerable to this issue.

In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However, if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur.

This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control, making active exploitation unlikely.

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

Due to the low severity of this issue we are not issuing new releases of OpenSSL. The fix will be included in the next releases when they become available.
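As an added example (not OpenSSL's code and not part of the Rapid7 entry), the contract of SSL_select_next_proto described above is reimplemented in standalone C with the missing check: a zero-length or malformed list is rejected before any byte is read, and an ALPN server-side wrapper turns "no overlap" into a handshake failure instead of using the returned pointer. It assumes the 1-byte-length-prefixed protocol name format that ALPN and NPN use on the wire; the function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Outcome codes: the first two mirror the advisory's outcomes; the third is
 * the added guard for an empty or malformed list. */
#define PROTO_NEGOTIATED 0
#define PROTO_NO_OVERLAP 1
#define PROTO_BAD_INPUT  2

/* ALPN/NPN wire format: names, each prefixed by a 1-byte length. */
static int list_is_well_formed(const unsigned char *list, unsigned int len) {
    if (list == NULL || len == 0) return 0;           /* the zero-length case */
    for (unsigned int i = 0; i < len; i += 1 + list[i])
        if (list[i] == 0 || i + 1 + list[i] > len) return 0; /* bad entry */
    return 1;
}

/* Same contract as SSL_select_next_proto (first server protocol also in the
 * client list, else the first client protocol), but both lists are validated
 * first so *out never points past the client buffer. */
int select_next_proto_safe(const unsigned char **out, unsigned char *outlen,
                           const unsigned char *server, unsigned int server_len,
                           const unsigned char *client, unsigned int client_len) {
    *out = NULL; *outlen = 0;
    if (!list_is_well_formed(client, client_len) ||
        !list_is_well_formed(server, server_len))
        return PROTO_BAD_INPUT;
    for (unsigned int i = 0; i < server_len; i += 1 + server[i])
        for (unsigned int j = 0; j < client_len; j += 1 + client[j])
            if (server[i] == client[j] &&
                memcmp(server + i + 1, client + j + 1, server[i]) == 0) {
                *out = server + i + 1; *outlen = server[i];
                return PROTO_NEGOTIATED;
            }
    /* No overlap: NPN may take the first client protocol opportunistically.
     * client_len > 0 was checked above, so this read stays in bounds. */
    *out = client + 1; *outlen = client[0];
    return PROTO_NO_OVERLAP;
}

/* ALPN server-side policy: only a genuine overlap is accepted; "no overlap"
 * or bad input fails the handshake instead of using whatever *out holds. */
int alpn_server_choose(const unsigned char **out, unsigned char *outlen,
                       const unsigned char *server, unsigned int server_len,
                       const unsigned char *client, unsigned int client_len) {
    int rc = select_next_proto_safe(out, outlen, server, server_len,
                                    client, client_len);
    return rc == PROTO_NEGOTIATED ? 0 : -1;
}
```

The return value of alpn_server_choose maps directly onto the accept/fatal-alert decision an ALPN selection callback has to make, which is the "no overlap" handling the advisory says a vulnerable application got wrong.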

Solution(s)

  • http-openssl-1_0_2-upgrade-1_0_2_z_k
  • http-openssl-1_1_1-upgrade-1_1_1_z_a
  • http-openssl-3_0_15-upgrade-3_0_15
  • http-openssl-3_1_7-upgrade-3_1_7
  • http-openssl-3_2_3-upgrade-3_2_3
  • http-openssl-3_3_2-upgrade-3_3_2
