June 28th, 2024

OpenSSL CVE-2024-5535: `SSL_select_next_proto` buffer overread

CVE-2024-5535, a bug present in OpenSSL since 2011, lets `SSL_select_next_proto` read past the end of an empty protocol buffer and leak heap data to the peer. Affected callers include Python <= 3.9 and Node.js <= 9. The removal of NPN support from newer versions reduces exposure. The function is shared by OpenSSL, BoringSSL and LibreSSL. Memory-safety bugs of this kind call for reviewing callers and updating.

A bug, CVE-2024-5535, present in OpenSSL since 2011, was disclosed in June 2024. When `SSL_select_next_proto` is called with an empty list of the caller's own supported protocols, it reads beyond that buffer, and up to 255 bytes of a client's heap can be sent to the server as the "selected" protocol. Affected callers include Python <= 3.9 and Node.js <= 9, among others. NPN support, the precursor to ALPN, has been removed from newer versions of these programs, which lowers the exposure, but historic usage may still pose a risk. The function lives in OpenSSL, BoringSSL, and LibreSSL, and all three carried the bug. It went unnoticed for thirteen years until its discovery and disclosure. The post demonstrates what the memory-safety failure means in practice with a short Python snippet that triggers the leak. Its recommendations are to review past and present uses of `SSL_select_next_proto` and to update affected programs; a practitioner auditing callers should also make sure no code path passes a zero-length protocol list and that a return value of `OPENSSL_NPN_NO_OVERLAP` is treated as a failure rather than a result to forward to the peer. The post closes with a timeline of the bug's discovery and remediation, emphasising the need for vigilance with code of this age.
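The selection logic at the heart of the bug, as an added example that is not code from the original post nor from OpenSSL, BoringSSL or LibreSSL: a bounds-checked selector with the same argument shape as `SSL_select_next_proto()`, working over the length-prefixed list format that ALPN and NPN share (one length byte, then that many bytes of protocol name, repeated). The function and constant names are this example's own assumptions, and the protocol lists are constructed inline. It shows the edge case the CVE describes: with an empty local list there is no first protocol to fall back on, and the pre-fix function reads a length byte from beyond the buffer; here that case returns no-overlap with a NULL output pointer, and a list whose length prefix overruns its buffer is rejected before any comparison is made.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example (not code from the original post, OpenSSL, BoringSSL or
 * LibreSSL). Names below are this example's own assumptions.
 *
 * Wire format shared by ALPN and NPN: a sequence of entries, each one
 * length byte followed by that many bytes of protocol name.
 */

enum {
    PROTO_NEGOTIATED = 1,   /* a protocol in 'local' also appears in 'peer' */
    PROTO_NO_OVERLAP = 2,   /* no common protocol */
    PROTO_MALFORMED  = 3    /* a list does not parse: bad length prefix */
};

/* Return 1 if every length prefix in the list stays inside [list, list+len). */
static int proto_list_valid(const unsigned char *list, unsigned int len)
{
    unsigned int i = 0;
    while (i < len) {
        unsigned int n = list[i];
        if (n == 0 || n > len - i - 1)   /* zero-length entry or prefix past end */
            return 0;
        i += 1 + n;
    }
    return 1;
}

/*
 * Select the first protocol in 'peer' order that 'local' also offers.
 * Unlike the pre-fix SSL_select_next_proto(), an empty 'local' list yields
 * *out = NULL / *outlen = 0 instead of reading a length byte past the buffer.
 */
int select_proto_checked(const unsigned char **out, unsigned char *outlen,
                         const unsigned char *peer, unsigned int peer_len,
                         const unsigned char *local, unsigned int local_len)
{
    *out = NULL;
    *outlen = 0;

    if (!proto_list_valid(peer, peer_len) || !proto_list_valid(local, local_len))
        return PROTO_MALFORMED;

    for (unsigned int i = 0; i < peer_len; i += 1 + peer[i]) {
        for (unsigned int j = 0; j < local_len; j += 1 + local[j]) {
            if (peer[i] == local[j] &&
                memcmp(peer + i + 1, local + j + 1, peer[i]) == 0) {
                *out = local + j + 1;
                *outlen = local[j];
                return PROTO_NEGOTIATED;
            }
        }
    }

    /* No overlap: report the first local protocol as a fallback, as the
     * OpenSSL API does, but only when there is one to point at. */
    if (local_len > 0) {
        *out = local + 1;
        *outlen = local[0];
    }
    return PROTO_NO_OVERLAP;
}

/* Convenience wrapper: copies the selected protocol into buf as a C string
 * (buf is left empty when nothing was selected). */
int select_proto_into(const unsigned char *peer, unsigned int peer_len,
                      const unsigned char *local, unsigned int local_len,
                      char *buf, size_t bufsz)
{
    const unsigned char *out;
    unsigned char outlen;
    int rc = select_proto_checked(&out, &outlen, peer, peer_len, local, local_len);
    if (bufsz > 0)
        buf[0] = '\0';
    if (out != NULL && bufsz > outlen) {
        memcpy(buf, out, outlen);
        buf[outlen] = '\0';
    }
    return rc;
}

int main(void)
{
    /* Constructed sample lists, not captured traffic. */
    static const unsigned char peer[]  = "\x02h2\x08http/1.1";  /* h2, http/1.1 */
    static const unsigned char local[] = "\x08http/1.1";        /* http/1.1 only */
    static const unsigned char bad[]   = "\x05h2";              /* prefix overruns list */
    char buf[32];

    printf("overlap:  rc=%d proto=%s\n",
           select_proto_into(peer, 12, local, 9, buf, sizeof buf), buf);
    printf("empty:    rc=%d proto=\"%s\"\n",
           select_proto_into(peer, 12, local, 0, buf, sizeof buf), buf);
    printf("bad list: rc=%d\n",
           select_proto_into(bad, 3, local, 9, buf, sizeof buf));
    return 0;
}
```

No OpenSSL headers are needed to build this. In real code the same three checks belong around the library call: validate both lists, never hand it a zero-length local list, and treat `OPENSSL_NPN_NO_OVERLAP` as a failure instead of forwarding whatever `*out` points at.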

Related

Memory sealing for the GNU C Library

A patch series by Adhemerval Zanella adds support for the Linux mseal() system call to the GNU C Library. Sealing a memory range prevents later changes to that part of the address space, such as unmapping or remapping it, which hardens the library against memory-layout manipulation; the support is slated for an upcoming release.

I found an 8 years old bug in Xorg

A picom developer found an 8-year-old bug in Xorg caused by misuse of epoll. It made windows disappear while the screen was locked, and was traced to the handling of CloseDownClient events. Although the impact is limited, the developer is looking for an alternative way to receive window-tree updates, and the write-up stresses the value of testing and debugging tools.

Arbitrary shell command evaluation in Org Mode (GNU Emacs)

A vulnerability in Emacs Org mode allowed arbitrary shell command execution through link abbreviations. The fix, shipped in Emacs 29.4 and Org 9.7.5, stops unsafe code evaluation in link abbreviations; users are advised to apply the patch.

More Memory Safety for Let's Encrypt: Deploying ntpd-rs

Let's Encrypt is deploying ntpd-rs, a memory-safe NTP implementation developed under the Prossimo project, to improve the memory safety of its infrastructure. Moving to memory-safe alternatives fits its broader security goals and is supported by community contributions and sponsorships.

The Dirty Pipe Vulnerability

The Dirty Pipe vulnerability (CVE-2022-0847) in Linux kernels since 5.8 allowed an unprivileged process to overwrite data in read-only files; it was fixed in 5.16.11, 5.15.25, and 5.10.102. It was discovered through CRC errors in compressed log files, which revealed systematic corruption: bytes from ZIP file headers were landing in unrelated files on a Linux 5.10 kernel. The faulty commit was pinpointed by reproducing the corruption with small C programs that moved data between processes through pipes. The root cause was a change to the pipe buffer code made for efficiency, a reminder of how subtly kernel components interact.
