DESCRIPTION

RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size. The issue is rated critical, with a CVSS score of 9.8 (10 is most severe)[0].

The wolfSSL library is provided as the `libwolfssl24` package in OpenWrt and has been shipped by default in snapshot images since August 27th 2020[1]. It is NOT shipped by default in the latest stable OpenWrt release, 19.07.

REQUIREMENTS

This is still work in progress and not much information is available yet, but given the very high CVSS score of 9.8 (10 is most severe) it is likely that this issue has RCE potential. Check the dedicated wiki page[2] and forum topic[3] for updates.

MITIGATIONS

Update the affected `libwolfssl24` package with the following commands:

  opkg update; opkg upgrade libwolfssl24

Then verify that you are running the fixed version:

  opkg list-installed libwolfssl24

The above command should output one of the following:

  libwolfssl24 - 4.6.0-stable-1 - for stable OpenWrt 19.07 release
  libwolfssl24 - 4.6.0-stable-1 - for master/snapshot

The fix is contained in the following and later versions:

 * OpenWrt master: 2021-01-01 reboot-15389-gba40da9045f7
 * OpenWrt 19.07: 2021-02-02 v19.07.6-11-g2044c01de8f2

AFFECTED VERSIONS

To our knowledge, OpenWrt snapshot images are affected. OpenWrt stable release versions 19.07.0 to 19.07.6 are not affected, because the vulnerable `libwolfssl24` package is not shipped by default in the official firmware images. If you have installed `libwolfssl24` on 19.07 yourself (or it was pulled in as a dependency), update it as described above; the fixed 4.6.0-stable-1 package is available for 19.07 as well.

Older versions of OpenWrt (e.g. OpenWrt 18.06, OpenWrt 15.05 and LEDE 17.01) are end of life and no longer supported.

CREDITS

This issue appears to have been found by libFuzzer with AddressSanitizer in the OSS-Fuzz[4] project and was fixed by Sean Parkinson[5] of the wolfSSL team.

REFERENCES

0. https://nvd.nist.gov/vuln/detail/CVE-2020-36177
1. https://git.openwrt.org/e79df3516d3e2931a2a2964cadfed0af99acef49
2. https://openwrt.org/advisory/2021-02-02-2
3. https://forum.openwrt.org/t/security-advisory-2021-02-02-2-wolfssl-heap-buffer-overflow-in-rsapad-pss-cve-2020-36177
4. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26567
5. https://github.com/wolfSSL/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f
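The MITIGATIONS section above asks the reader to upgrade and then eyeball the `opkg list-installed` output. The script below is an added example, not part of the OpenWrt advisory or of OpenWrt itself: it parses the `name - version` line that `opkg list-installed libwolfssl24` prints (the format quoted in the advisory), compares the upstream wolfSSL version against 4.6.0 and only runs the advisory's upgrade commands when the installed package is older. The function names (`wolfssl_upstream_version`, `version_ge`, `libwolfssl24_status`, `check_and_upgrade`) are mine, the older sample line `libwolfssl24 - 4.5.0-stable-2` is constructed, and the script assumes upstream wolfSSL versions are purely numeric dotted strings. It targets BusyBox `/bin/sh`, so it avoids `sort -V` and `local`.

```sh
#!/bin/sh
# Added example, not part of the OpenWrt advisory: check whether the installed
# libwolfssl24 is already at the fixed upstream version (4.6.0 or later) and
# only then run the advisory's upgrade commands. Written for BusyBox /bin/sh;
# it parses the "name - version" lines that `opkg list-installed <pkg>` prints.

FIXED_UPSTREAM=4.6.0   # first upstream wolfSSL release with the RsaPad_PSS fix

# Print the upstream part of the version field of an opkg list-installed line,
# e.g. "libwolfssl24 - 4.6.0-stable-1" -> "4.6.0". Everything from the first
# "-" on ("-stable-1") is OpenWrt's packaging suffix and release number.
wolfssl_upstream_version() {
    set -- $1                 # word-split into: name, "-", version
    printf '%s\n' "${3%%-*}"
}

# Succeed (exit 0) if dotted version $1 >= $2, comparing numerically component
# by component; a missing component counts as 0, so 4.6 == 4.6.0.
# Pure sh: `sort -V` is not available on BusyBox.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ca=${a%%.*} cb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${ca:-0}" -gt "${cb:-0}" ] && return 0
        [ "${ca:-0}" -lt "${cb:-0}" ] && return 1
    done
    return 0
}

# Classify one opkg list-installed line: fixed / vulnerable / not-installed.
libwolfssl24_status() {
    if [ -z "$1" ]; then
        echo not-installed
        return
    fi
    if version_ge "$(wolfssl_upstream_version "$1")" "$FIXED_UPSTREAM"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# On a real router: query opkg and upgrade only when the installed package
# is older than the fix, then re-check.
check_and_upgrade() {
    installed=$(opkg list-installed libwolfssl24)
    status=$(libwolfssl24_status "$installed")
    echo "libwolfssl24: $status (${installed:-no package})"
    if [ "$status" = vulnerable ]; then
        opkg update && opkg upgrade libwolfssl24 || return 1
        echo "after upgrade: $(libwolfssl24_status "$(opkg list-installed libwolfssl24)")"
    fi
}

if command -v opkg >/dev/null 2>&1; then
    check_and_upgrade
else
    # Off-device: exercise the parser on constructed sample lines. The first is
    # the fixed output quoted in the advisory; the 4.5.0 line is made up.
    for line in 'libwolfssl24 - 4.6.0-stable-1' 'libwolfssl24 - 4.5.0-stable-2' ''; do
        printf '%-32s -> %s\n' "${line:-<none>}" "$(libwolfssl24_status "$line")"
    done
fi
```

Comparing only the upstream component means any `4.6.0-stable-N` build is treated as fixed, which matches the fixed version the advisory lists (`4.6.0-stable-1`); a device without the package at all reports `not-installed` rather than being upgraded.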
openwrt-devel mailing list: https://lists.openwrt.org/mailman/listinfo/openwrt-devel
