Security Advisory 2022-10-04-1 - wolfSSL buffer overflow during a TLS 1.3 handshake (CVE-2022-39173)

Petr Štetiar ynezz at true.cz
Thu Oct 6 04:36:54 PDT 2022 

DESCRIPTION

In wolfSSL prior to version 5.5.1, malicious clients can cause a buffer
overflow on server during a TLS protocol version 1.3 handshake.

This occurs when an attacker supposedly resumes a previous TLS session. During
the resumption Client Hello a Hello Retry Request must be triggered. Both
Client Hellos are required to contain a list of duplicate cipher suites to
trigger the buffer overflow. In total, two Client Hellos have to be sent: one
in the resumed session, and a second one as a response to a Hello Retry
Request message.

CVE-2022-39173[0] has been assigned to this vulnerability, you can find the
latest version of this advisory on our wiki[1].


REQUIREMENTS

A malicious attacker would need to send a specially crafted TLS protocol
version 1.3 packets to a network exposed service.

In default configuration this applies to OpenWrt releases 21.02 and 22.03,
which have LuCI web user interface exposed to local area network clients over
HTTPS. This service is provided by uhttpd web server, which is using
vulnerable libustream-wolfssl wrapper.

Additionally it's possible to install several other server packages like
lua-eco, libuhttpd-wolfssl, lighttpd-mod-wolfssl, openvpn-wolfssl,
strongswan-mod-wolfssl which needs to be updated as well.


MITIGATIONS

You need to update the affected packages you're using with the command below.

   opkg update; opkg upgrade libwolfssl libustream-wolfssl; /etc/init.d/uhttpd restart

Then verify, that you're running fixed version.

   opkg list-installed | grep wolfssl

The above command should output following:

  On OpenWrt development snapshot:

    libustream-wolfssl20201210 - 2022-01-16-868fd881-1
    libwolfssl5.5.1.e624513f - 5.5.1-stable-8

  On OpenWrt 22.03 release:

    libustream-wolfssl20201210 - 2022-01-16-868fd881-2
    libwolfssl5.5.1.ee39414e - 5.5.1-stable-3

  On OpenWrt 21.02 release:

    libustream-wolfssl20201210 - 2022-01-16-868fd881-2
    libwolfssl5.5.1.99a5b54a - 5.5.1-stable-2

The fix is contained in the following and later versions:

  * OpenWrt master: 2022-10-03 reboot-20859-gf1b7e1434f66
  * OpenWrt 22.03:  2022-10-04 v22.03.0-87-g562894b39da3
  * OpenWrt 21.02:  2022-10-05 v21.02.3-124-g8444302a92e6


AFFECTED VERSIONS

To our knowledge, OpenWrt snapshot images are affected. OpenWrt stable release
versions 22.03.0 and OpenWrt v21.02.3 are affected. Older versions of OpenWrt
(e.g. OpenWrt 19.07, OpenWrt 18.06, OpenWrt 15.05 and LEDE 17.01) are end of
life and not supported any more.


CREDITS

Thanks to Max at Trail of Bits for the report, "LORIA, INRIA, France" for
research on tlspuffin and Kien Truong for helping us getting this diagnosed
and fixed in OpenWrt[2,3].


REFERENCES

0. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39173
1. https://openwrt.org/advisory/2022-10-04-1
2. https://github.com/openwrt/luci/issues/5962
3. https://github.com/wolfSSL/wolfssl/issues/5629

More information about the openwrt-devel mailing list