{"schema_version":"1.7.2","id":"OESA-2024-2313","modified":"2024-11-01T11:09:29Z","published":"2024-11-01T11:09:29Z","upstream":["CVE-2022-4450"],"summary":"openresty-openssl111 security update","details":"Security Fix(es):\r\n\r\nThe function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack.\r\n\r\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected.\r\n\r\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0.\r\n\r\nThe OpenSSL asn1parse command line application is also impacted by this issue.\r\n\r\n\n(CVE-2022-4450)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"openresty-openssl111","purl":"pkg:rpm/openEuler/openresty-openssl111\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1h-5.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["openresty-openssl111-1.1.1h-5.oe2203sp1.aarch64.rpm","openresty-openssl111-asan-1.1.1h-5.oe2203sp1.aarch64.rpm","openresty-openssl111-asan-devel-1.1.1h-5.oe2203sp1.aarch64.rpm","openresty-openssl111-debug-1.1.1h-5.oe2203sp1.aarch64.rpm","openresty-openssl111-debug-devel-1.1.1h-5.oe2203sp1.aarch64.rpm","openresty-openssl111-devel-1.1.1h-5.oe2203sp1.aarch64.rpm"],"src":["openresty-openssl111-1.1.1h-5.oe2203sp1.src.rpm"],"x86_64":["openresty-openssl111-1.1.1h-5.oe2203sp1.x86_64.rpm","openresty-openssl111-asan-1.1.1h-5.oe2203sp1.x86_64.rpm","openresty-openssl111-asan-devel-1.1.1h-5.oe2203sp1.x86_64.rpm","openresty-openssl111-debug-1.1.1h-5.oe2203sp1.x86_64.rpm","openresty-openssl111-debug-devel-1.1.1h-5.oe2203sp1.x86_64.rpm","openresty-openssl111-devel-1.1.1h-5.oe2203sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2313"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4450"}],"database_specific":{"severity":"High"}}