Bug 1015243 (CVE-2016-9939) - VUL-0: CVE-2016-9939: libcryptopp: Potential DoS in Crypto++ (libcryptopp) ASN.1 parser
Status: RESOLVED FIXED
Alias: CVE-2016-9939
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium / Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/177457/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-12-13 06:56 UTC by Mikhail Kasimov
Modified: 2024-05-15 13:51 UTC

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Mikhail Kasimov 2016-12-13 06:56:30 UTC
Reference: [1] http://seclists.org/oss-sec/2016/q4/659

[1]:
=========================================================================
Gergely Nagy and Tamás Koczka of Tresorit report a potential DoS in
the Crypto++ ASN.1 parser. A copy of their email with the report can
be found at https://groups.google.com/d/msg/cryptopp-users/fEQ8jWg_K8g/qOLHGIDICwAJ.

When the Crypto++ library parses an ASN.1 data value, the library
allocates for the content octets based on the length octets. Later, if
there are too few or too little content octets, the library throws a
BERDecodeErr exception. The memory for the content octets will be
zeroized (even if unused), which could take a long time on a large
allocation.

Please assign a CVE for the potential issue.

Thanks in advance.
========================================================================

[2] https://groups.google.com/d/msg/cryptopp-users/fEQ8jWg_K8g/qOLHGIDICwAJ

[2]:
========================================================================
---------- Forwarded message ----------
From: Gergely Nagy <n...@tresorit.com>
Date: Mon, Dec 12, 2016 at 8:45 AM
Subject: Security issue (DoS) in Crypto++ ASN1 decoder
To: Jeffrey Walton <nolo...@gmail.com>
Cc: Tamás Koczka <koc...@tresorit.com>

Hi!

I have found a bug in several BERDecode* functions which could be used
for a DoS attack.

The issue is similar to CVE-2016-2109 in OpenSSL which was disclosed
in https://www.openssl.org/news/secadv/20160503.txt


Basically after the ASN1 decoder reads the length, it allocates a
SecByteBlock of that size before checking that there is enough data
available.

This can cause memory exhaustion on most platforms, but it has (in my
opinion) the worst effect on 64-bit Linux systems where the allocation
will succeed for huge sizes and then a BERDecodeError exception will
be thrown that causes the destructor of the SecByteBlock to be called,
which can hang the CPU for a really long time zeroing out memory.


I have attached a patch (for the current master branch) that fixes
this behavior in both versions of BERDecodeOctetString,
BERDecodeTextString, BERDecodeBitString and BERDecodeUnsigned. I am
not 100% sure that there are no other places in the code with the same
issue.


I don't know how you want to disclose this issue, but if you want to
assign a CVE number and release a new version before publicly
disclosing it, then we won't deploy our fix until then.

We will binary patch our software which includes a statically linked
Crypto++ after 30 days if we don't get a proper response.

When you disclose the issue please refer to me as "Gergely Nagy
(Tresorit)", and say that the bug was found using "honggfuzz".


Thanks,

Gergely Nagy (Tresorit) 
========================================================================

[3]: https://github.com/weidai11/cryptopp/issues/346

Assigned CVE-2016-9939: [4] http://seclists.org/oss-sec/2016/q4/660
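The allocate-before-check ordering the report describes, beside its corrected form, as an added C++ example that is not Crypto++'s own code: a hypothetical minimal BER decoder (readHeader, decodeUnchecked, decodeChecked and the sample builders are all assumed names) that records how large a content buffer each ordering would size for a constructed input whose length octets claim 0x7FFFFFFF bytes while only three follow.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical minimal BER decoder (added example, not Crypto++'s own code).
// It reads a tag octet and a definite-form length, then decodes the content.
struct Header  { uint64_t length = 0; size_t contentPos = 0; };
struct Outcome { bool ok; uint64_t requested; };   // requested = size the content buffer was given

// Parses tag + length (short form, or long form with at most 8 length octets).
static bool readHeader(const std::vector<uint8_t>& in, Header& h) {
    if (in.size() < 2) return false;
    size_t pos = 1;                                   // skip the tag octet
    uint8_t b = in[pos++];
    if (b < 0x80) {
        h.length = b;                                 // short form
    } else {
        size_t n = b & 0x7F;                          // long form: n length octets follow
        if (n == 0 || n > 8 || pos + n > in.size()) return false;
        for (size_t i = 0; i < n; ++i) h.length = (h.length << 8) | in[pos++];
    }
    h.contentPos = pos;
    return true;
}

// Flawed ordering described in the report: the content buffer is sized from the
// length octets before checking whether that many bytes are actually present.
Outcome decodeUnchecked(const std::vector<uint8_t>& in) {
    Header h;
    if (!readHeader(in, h)) return {false, 0};
    uint64_t requested = h.length;                    // buffer (later zeroized) would be this large
    bool enough = in.size() - h.contentPos >= h.length; // short input noticed only afterwards
    return {enough, requested};
}

// Corrected ordering: compare the declared length with the bytes remaining
// first, so a short input is rejected before any buffer is sized.
Outcome decodeChecked(const std::vector<uint8_t>& in) {
    Header h;
    if (!readHeader(in, h)) return {false, 0};
    if (in.size() - h.contentPos < h.length) return {false, 0};  // reject before allocating
    std::vector<uint8_t> content(in.begin() + h.contentPos,
                                 in.begin() + h.contentPos + static_cast<size_t>(h.length));
    return {content.size() == h.length, h.length};
}

// Constructed samples: an OCTET STRING whose length octets claim 0x7FFFFFFF
// content bytes but carries only three, and a well-formed three-byte one.
std::vector<uint8_t> truncatedSample() { return {0x04, 0x84, 0x7F, 0xFF, 0xFF, 0xFF, 'a', 'b', 'c'}; }
std::vector<uint8_t> validSample()     { return {0x04, 0x03, 'a', 'b', 'c'}; }
```

The flawed path reports a 0x7FFFFFFF-byte buffer for the truncated sample before it ever notices the input is short; the corrected path reports 0 because the check runs first.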
Comment 1 Mikhail Kasimov 2016-12-13 07:00:45 UTC
Due to https://security-tracker.debian.org/tracker/CVE-2016-9939 version 5.6.4 is also vuln (see https://software.opensuse.org/package/libcryptopp).
Comment 2 Marcus Meissner 2016-12-13 07:11:32 UTC
not in SUSE Linux Enterprise, only in openSUSE
Comment 3 Swamp Workflow Management 2016-12-13 23:00:15 UTC
bugbot adjusting priority
Comment 4 Petr Gajdos 2021-09-07 09:58:15 UTC
So if I understand correctly, the following changes are needed:
https://github.com/weidai11/cryptopp/pull/347
https://github.com/weidai11/cryptopp/commit/d0a6d43e16e4677d36bd0567978286938c1cfe6b
Comment 5 Petr Gajdos 2021-09-07 11:25:01 UTC
TW: fixed by upstream already
15: submitted

I believe all fixed.
Comment 7 Swamp Workflow Management 2021-10-06 20:12:33 UTC
SUSE-SU-2021:3301-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1015243
CVE References: CVE-2016-9939
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    libcryptopp-5.6.5-1.6.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    libcryptopp-5.6.5-1.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2021-10-06 20:13:39 UTC
openSUSE-SU-2021:3301-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1015243
CVE References: CVE-2016-9939
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    libcryptopp-5.6.5-1.6.1