CVE-2022-37454 SHA-3 buffer overflow

Job Cacka job at ccbox.com
Fri Oct 21 19:41:24 UTC 2022 

This is probably more difficult to exploit than I thought in my first read
through. 

 

Workarounds

The problem can be avoided by limiting the size of the partial input data
(or partial output digest) below 2^32 - 200 bytes. Multiple calls to the
queue system can be chained at a higher level to retain the original
functionality. Alternatively, one can process the entire input (or produce
the entire output) at once, avoiding the queuing functions altogether.

 

 

From: Job Cacka <job at ccbox.com> 
Sent: Friday, October 21, 2022 11:33 AM
To: 'openssl-users at openssl.org' <openssl-users at openssl.org>
Subject: CVE-2022-37454 SHA-3 buffer overflow

 

I was reading that SHA-3 has a buffer overflow in the C implementation that
is used by PHP and Python.

https://nvd.nist.gov/vuln/detail/CVE-2022-37454

https://mouha.be/sha-3-buffer-overflow/

 

How does OpenSSL implement SHA-3 in the following algorithms? Is SHA3 only
used in SHA3-224, SHA3-256, SHA3-384, and SHA3-512?

 

root:/ openssl list -digest-algorithms

RSA-MD4 => MD4

RSA-MD5 => MD5

RSA-MDC2 => MDC2

RSA-RIPEMD160 => RIPEMD160

RSA-SHA1 => SHA1

RSA-SHA1-2 => RSA-SHA1

RSA-SHA224 => SHA224

RSA-SHA256 => SHA256

RSA-SHA3-224 => SHA3-224

RSA-SHA3-256 => SHA3-256

RSA-SHA3-384 => SHA3-384

RSA-SHA3-512 => SHA3-512

RSA-SHA384 => SHA384

RSA-SHA512 => SHA512

RSA-SHA512/224 => SHA512-224

RSA-SHA512/256 => SHA512-256

RSA-SM3 => SM3

BLAKE2b512

BLAKE2s256

id-rsassa-pkcs1-v1_5-with-sha3-224 => SHA3-224

id-rsassa-pkcs1-v1_5-with-sha3-256 => SHA3-256

id-rsassa-pkcs1-v1_5-with-sha3-384 => SHA3-384

id-rsassa-pkcs1-v1_5-with-sha3-512 => SHA3-512

MD4

md4WithRSAEncryption => MD4

MD5

MD5-SHA1

md5WithRSAEncryption => MD5

MDC2

mdc2WithRSA => MDC2

ripemd => RIPEMD160

RIPEMD160

ripemd160WithRSA => RIPEMD160

rmd160 => RIPEMD160

SHA1

sha1WithRSAEncryption => SHA1

SHA224

sha224WithRSAEncryption => SHA224

SHA256

sha256WithRSAEncryption => SHA256

SHA3-224

SHA3-256

SHA3-384

SHA3-512

SHA384

sha384WithRSAEncryption => SHA384

SHA512

SHA512-224

sha512-224WithRSAEncryption => SHA512-224

SHA512-256

sha512-256WithRSAEncryption => SHA512-256

sha512WithRSAEncryption => SHA512

SHAKE128

SHAKE256

SM3

sm3WithRSAEncryption => SM3

ssl3-md5 => MD5

ssl3-sha1 => SHA1

whirlpool

 

 

Thanks,

Job 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20221021/3f3dd500/attachment.htm>

More information about the openssl-users mailing list