Security Advisory 2022-10-04-1 - wolfSSL buffer overflow during a TLS 1.3 handshake (CVE-2022-39173)
DESCRIPTION
In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow on the server during a TLS 1.3 handshake.
This occurs when an attacker pretends to resume a previous TLS session. During the resumption Client Hello, a Hello Retry Request must be triggered. Both Client Hellos must contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one in response to the Hello Retry Request message.
CVE-2022-39173 was assigned to this vulnerability.
REQUIREMENTS
An attacker on the same local network as the OpenWrt device would need to send specially crafted TLS 1.3 packets to a network-exposed service.
In the default configuration this applies to OpenWrt releases 21.02 and 22.03, which make the LuCI web user interface available over HTTPS via the uhttpd web server, which in turn uses the vulnerable libustream-wolfssl wrapper.
Additionally, it is possible to install several other server packages, such as lua-eco, libuhttpd-wolfssl, lighttpd-mod-wolfssl, openvpn-wolfssl and strongswan-mod-wolfssl, which use the vulnerable libwolfssl library and thus need to be updated as well.
MITIGATIONS
You need to update the affected packages you are using with the command below.
opkg update; opkg upgrade libwolfssl libustream-wolfssl; /etc/init.d/uhttpd restart
Then verify that you are running the fixed version.
opkg list-installed | grep wolfssl
The above command should output the following:
- On OpenWrt development snapshot:
libustream-wolfssl20201210 - 2022-01-16-868fd881-1 libwolfssl5.5.1.e624513f - 5.5.1-stable-8
- On OpenWrt 22.03 release:
libustream-wolfssl20201210 - 2022-01-16-868fd881-2 libwolfssl5.5.1.ee39414e - 5.5.1-stable-3
- On OpenWrt 21.02 release:
libustream-wolfssl20201210 - 2022-01-16-868fd881-2 libwolfssl5.5.1.99a5b54a - 5.5.1-stable-2
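As an added example that is not part of this advisory, the following POSIX shell script parses "opkg list-installed" output and flags any installed libwolfssl package whose version is older than the fixed 5.5.1 release. The two sample outputs it checks are constructed rather than captured from a device, and the package-name hash in the stale sample is a placeholder.

```shell
#!/bin/sh
# Added example: flag libwolfssl packages older than the fixed 5.5.1 release
# in "opkg list-installed" output. Not part of the OpenWrt advisory.

# Return 0 if a version string such as "5.5.1-stable-3" is >= 5.5.1, else 1.
# Anything that is not a plain dotted number is treated as not fixed.
wolfssl_version_fixed() {
    ver=${1%%-*}                      # drop the "-stable-N" suffix
    case "$ver" in *[!0-9.]*|'') return 1 ;; esac
    set -- $(printf '%s' "$ver" | tr '.' ' ')
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    [ "$maj" -gt 5 ] && return 0
    [ "$maj" -lt 5 ] && return 1
    [ "$min" -gt 5 ] && return 0
    [ "$min" -lt 5 ] && return 1
    [ "$pat" -ge 1 ]
}

# Read opkg output ("name - version" per line) on stdin, print one status line
# per libwolfssl package, and return 1 if any of them is still vulnerable.
check_wolfssl_packages() {
    rc=0
    while read -r pkg _sep ver; do
        case "$pkg" in libwolfssl*) ;; *) continue ;; esac
        if wolfssl_version_fixed "$ver"; then
            echo "OK         $pkg $ver"
        else
            echo "VULNERABLE $pkg $ver (CVE-2022-39173: upgrade libwolfssl and libustream-wolfssl)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample output (not captured from a real device). The package-name
# hash in the stale sample is a placeholder.
SAMPLE_FIXED='libustream-wolfssl20201210 - 2022-01-16-868fd881-2
libwolfssl5.5.1.ee39414e - 5.5.1-stable-3'
SAMPLE_STALE='libustream-wolfssl20201210 - 2022-01-16-868fd881-2
libwolfssl5.5.0.00000000 - 5.5.0-stable-1'

# On a device run: opkg list-installed | check_wolfssl_packages
printf '%s\n' "$SAMPLE_FIXED" | check_wolfssl_packages
printf '%s\n' "$SAMPLE_STALE" | check_wolfssl_packages || echo "stale install detected"
```

The check only compares the libwolfssl version; libustream-wolfssl carries a date-based version and is upgraded by the same opkg command.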
The fix is contained in the following and later versions:
- OpenWrt master: 2022-10-03 (fixed by reboot-20859-gf1b7e1434f66)
- OpenWrt 22.03: 2022-10-04 (fixed by v22.03.0-87-g562894b39da3)
- OpenWrt 21.02: 2022-10-05 (fixed by v21.02.3-124-g8444302a92e6)
AFFECTED VERSIONS
To our knowledge, OpenWrt snapshot images are affected. The OpenWrt stable release versions 22.03.0 and 21.02.3 are affected. Older versions of OpenWrt (e.g. OpenWrt 19.07, OpenWrt 18.06, OpenWrt 15.05 and LEDE 17.01) are end of life and no longer supported.
CREDITS
Thanks to Max at Trail of Bits for the report, LORIA, INRIA, France for research on tlspuffin, and Kien Truong for helping us get this diagnosed and fixed in OpenWrt.