Security Advisory 2021-02-02-2 - wolfSSL heap buffer overflow in RsaPad_PSS (CVE-2020-36177)

Petr Štetiar ynezz at true.cz
Wed Feb 3 09:34:03 EST 2021 

DESCRIPTION

RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds
write for certain relationships between key size and digest size. The issue is
marked as critical with CVSS score of 9.8 (10 is most severe)[0].

wolfSSL library is provided as `libwolfssl24` package in OpenWrt and shipped
by default in snapshots since August 27th 2020[1]. It's NOT shipped by default
in latest stable OpenWrt release 19.07.


REQUIREMENTS

It's still work in progress, there is not that much information about it
available yet, but according to the very high CVSS score of 9.8 (10 is most
severe) it's likely, that this issue has RCE potential.

You can check for updates on dedicated wiki page[2] and forum topic[3] if
interested.


MITIGATIONS

You need to update the affected `libwolfssl24` package you're using with the
command below.

   opkg update; opkg upgrade libwolfssl24

Then verify, that you're running fixed version.

   opkg list-installed libwolfssl24

The above command should output following:

   libwolfssl24 - 4.6.0-stable-1 - for stable OpenWrt 19.07 release
   libwolfssl24 - 4.6.0-stable-1 - for master/snapshot

The fix is contained in the following and later versions:

  * OpenWrt master: 2021-01-01 reboot-15389-gba40da9045f7
  * OpenWrt 19.07:  2021-02-02 v19.07.6-11-g2044c01de8f2


AFFECTED VERSIONS

To our knowledge, OpenWrt snapshot images are affected. OpenWrt stable release
versions 19.07.0 to 19.07.6 are not affected, because vulnerable `libwolfssl24`
package is not shipped by default in the official firmware images.  Older
versions of OpenWrt (e.g. OpenWrt 18.06, OpenWrt 15.05 and LEDE 17.01) are end
of life and not supported any more.


CREDITS

This issue seems to be found by libFuzzer's address sanitizer in OSS-Fuzz[4] project
and fixed by Sean Parkinson[5] from wolfSSL team.


REFERENCES

0. https://nvd.nist.gov/vuln/detail/CVE-2020-36177
1. https://git.openwrt.org/e79df3516d3e2931a2a2964cadfed0af99acef49
2. https://openwrt.org/advisory/2021-02-02-2
3. https://forum.openwrt.org/t/security-advisory-2021-02-02-2-wolfssl-heap-buffer-overflow-in-rsapad-pss-cve-2020-36177
4. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26567
5. https://github.com/wolfSSL/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20210203/a7dc6fbb/attachment.sig>

More information about the openwrt-devel mailing list