Bug 2087913 (CVE-2022-1473) - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
Summary: CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-1473
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2089443 2089444 2089474
Blocks: 2087910
Reported: 2022-05-18 14:21 UTC by Patrick Del Bello
Modified: 2022-09-26 19:08 UTC

Fixed In Version: openssl 3.0.3
Doc Type: If docs needed, set a value
Doc Text:
A memory leak flaw was found in OpenSSL, resulting in TLS servers and clients being halted by out-of-memory conditions, leading to a denial of service. An attacker needs to repeat actions continuously to trigger this vulnerability, resulting in a loss of application availability.
Clone Of:
Environment:
Last Closed: 2022-06-25 20:09:35 UTC
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2022:6224 | 0 | None | None | None | 2022-08-30 16:02:17 UTC

Description Patrick Del Bello 2022-05-18 14:21:51 UTC
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long-lived process periodically decodes certificates or keys, its memory usage will expand without bounds and the process might be terminated by the operating system, causing a denial of service. Also, traversing the empty hash table entries will take increasingly more time. Typically such long-lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version, thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0, 3.0.1, 3.0.2).

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1
https://www.openssl.org/news/secadv/20220503.txt
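
A simplified model of the failure described above, added here as an illustration and not taken from OpenSSL or from this bug report: it assumes the defect is a flush that frees the entries but leaves the table's item counter stale, so the load-factor check keeps growing the bucket array. All names and constants (`table_insert`, `table_flush`, `buckets_after`, 8 initial buckets, 16 entries per cycle) are constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified chained hash table; constructed model, not OpenSSL's lhash code. */
typedef struct node { struct node *next; unsigned key; } node;
typedef struct { node **b; size_t num_nodes, num_items; } table;

/* Insert, then double the bucket array and rehash once load reaches 2 per bucket. */
static void table_insert(table *t, unsigned key) {
    node *p = malloc(sizeof(*p));
    *p = (node){ t->b[key % t->num_nodes], key };
    t->b[key % t->num_nodes] = p;
    if (++t->num_items / t->num_nodes < 2) return;
    size_t n = t->num_nodes * 2;
    node **nb = calloc(n, sizeof(node *));
    for (size_t i = 0; i < t->num_nodes; i++)
        for (node *q = t->b[i], *nx; q; q = nx) {
            nx = q->next;
            q->next = nb[q->key % n];
            nb[q->key % n] = q;
        }
    free(t->b);
    t->b = nb;
    t->num_nodes = n;
}

/* Free every entry; reset_count == 0 models the assumed stale item counter. */
static void table_flush(table *t, int reset_count) {
    for (size_t i = 0; i < t->num_nodes; i++) {
        for (node *p = t->b[i], *nx; p; p = nx) { nx = p->next; free(p); }
        t->b[i] = NULL;
    }
    if (reset_count) t->num_items = 0;
}

/* Run `cycles` rounds of "insert 16 entries, flush"; return bucket count. */
size_t buckets_after(int cycles, int reset_count) {
    table t = { calloc(8, sizeof(node *)), 8, 0 };
    for (int c = 0; c < cycles; c++) {
        for (unsigned k = 0; k < 16; k++) table_insert(&t, k);
        table_flush(&t, reset_count);
    }
    free(t.b);
    return t.num_nodes;
}

int main(void) {
    printf("stale: %zu reset: %zu\n", buckets_after(64, 0), buckets_after(64, 1));
}
```

With the counter reset on flush the table stays at 16 buckets however many cycles run; with the stale counter the empty bucket array keeps doubling, which is the unbounded memory growth and slower traversal the description reports.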

Comment 2 Todd Cullum 2022-05-23 18:43:11 UTC
Created openssl3 tracking bugs for this issue:

Affects: epel-8 [bug 2089474]

Comment 8 Product Security DevOps Team 2022-06-25 20:09:31 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-1473

Comment 9 errata-xmlrpc 2022-08-30 16:02:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6224 https://access.redhat.com/errata/RHSA-2022:6224
