OpenWrt Project: OPENWRT-SA-2022-10-04-1
Oct 04, 2022 - 12:00 a.m.

Security Advisory 2022-10-04-1 - wolfSSL buffer overflow during a TLS 1.3 handshake (CVE-2022-39173)

2022-10-04 00:00:00
OpenWrt Project
openwrt.org
wolfssl buffer overflow
tls 1.3 handshake
openwrt vulnerability
cve-2022-39173
libwolfssl update
network security
tls version 1.3
uhttpd web server
libustream-wolfssl
openwrt releases 21.02 and 22.03
security advisory

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

74.2%

DESCRIPTION
In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow on the server during a TLS 1.3 handshake.

This occurs when an attacker purports to resume a previous TLS session. During the resumption Client Hello, a Hello Retry Request must be triggered. Both Client Hellos must contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one in response to the Hello Retry Request message.

CVE-2022-39173 was assigned to this vulnerability.

REQUIREMENTS
A malicious attacker on the same local network as the OpenWrt device would need to send specially crafted TLS version 1.3 packets to a network-exposed service.

In the default configuration this applies to OpenWrt releases 21.02 and 22.03, which have the LuCI web user interface available over HTTPS via the uhttpd web server, which uses the vulnerable libustream-wolfssl wrapper.

Additionally, it is possible to install several other server packages, such as lua-eco, libuhttpd-wolfssl, lighttpd-mod-wolfssl, openvpn-wolfssl and strongswan-mod-wolfssl, which use the vulnerable libwolfssl library and therefore need to be updated as well.

MITIGATIONS
You need to update the affected packages you are using with the command below.

 opkg update; opkg upgrade libwolfssl libustream-wolfssl; /etc/init.d/uhttpd restart

Then verify that you are running the fixed version.

 opkg list-installed | grep wolfssl

The above command should output the following:

  • On OpenWrt development snapshot:

    libustream-wolfssl20201210 - 2022-01-16-868fd881-1
    libwolfssl5.5.1.e624513f - 5.5.1-stable-8

  • On OpenWrt 22.03 release:

    libustream-wolfssl20201210 - 2022-01-16-868fd881-2
    libwolfssl5.5.1.ee39414e - 5.5.1-stable-3

  • On OpenWrt 21.02 release:

    libustream-wolfssl20201210 - 2022-01-16-868fd881-2
    libwolfssl5.5.1.99a5b54a - 5.5.1-stable-2
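
As an added example (not part of the OpenWrt advisory), a POSIX shell script that applies the verification step above to the output of opkg list-installed and reports whether libwolfssl is at or above the fixed 5.5.1 release; the sample listings inside it are constructed, and the function names (vercmp, wolfssl_version, wolfssl_status) are this example's own.

```shell
#!/bin/sh
# Added example, not part of the OpenWrt advisory: parse `opkg list-installed`
# output and report whether libwolfssl is at or above the fixed 5.5.1 release.
# Only the upstream version (e.g. 5.5.1) is compared, not the package revision.
FIXED_WOLFSSL="5.5.1"

# Compare two dotted numeric versions; prints -1, 0 or 1.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"
        [ "$a" = "$ax" ] && a="" || a="${a#*.}"
        [ "$b" = "$bx" ] && b="" || b="${b#*.}"
        ax="${ax:-0}"; bx="${bx:-0}"
        if [ "$ax" -lt "$bx" ]; then printf '%s\n' -1; return; fi
        if [ "$ax" -gt "$bx" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# Extract the upstream version from a libwolfssl line of an opkg listing,
# e.g. "libwolfssl5.5.1.ee39414e - 5.5.1-stable-3" -> "5.5.1".
wolfssl_version() {
    printf '%s\n' "$1" | sed -n 's/^libwolfssl[^ ]* - \([0-9][0-9.]*\).*/\1/p'
}

# Given full `opkg list-installed` output, print fixed, vulnerable or missing.
wolfssl_status() {
    line=$(printf '%s\n' "$1" | grep '^libwolfssl' | head -n 1 || true)
    v=$(wolfssl_version "$line")
    if [ -z "$v" ]; then printf '%s\n' missing; return; fi
    if [ "$(vercmp "$v" "$FIXED_WOLFSSL")" -ge 0 ]; then
        printf '%s\n' fixed
    else
        printf '%s\n' vulnerable
    fi
}

# Constructed sample listings (not captured from a real device).
SAMPLE_FIXED='libustream-wolfssl20201210 - 2022-01-16-868fd881-2
libwolfssl5.5.1.ee39414e - 5.5.1-stable-3
libc - 0.0.0-placeholder'
SAMPLE_OLD='libustream-wolfssl20201210 - 2022-01-16-868fd881-1
libwolfssl5.4.0.00000000 - 5.4.0-stable-1'
printf 'sample fixed listing: %s\n' "$(wolfssl_status "$SAMPLE_FIXED")"
printf 'sample old listing:   %s\n' "$(wolfssl_status "$SAMPLE_OLD")"

# On an actual OpenWrt device, check the live package list.
if command -v opkg >/dev/null 2>&1; then
    wolfssl_status "$(opkg list-installed)"
fi
```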

The fix is contained in the following and later versions:

AFFECTED VERSIONS
To our knowledge, OpenWrt snapshot images are affected. OpenWrt stable release versions 22.03.0 and OpenWrt v21.02.3 are affected. Older versions of OpenWrt (e.g. OpenWrt 19.07, OpenWrt 18.06, OpenWrt 15.05 and LEDE 17.01) are end of life and no longer supported.

CREDITS
Thanks to Max at Trail of Bits for the report, LORIA, INRIA, France for research on tlspuffin and Kien Truong for helping us get this diagnosed and fixed in OpenWrt.
