In Progress EA-10564 - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)


Well-Known Member
Nov 3, 2006

Severity: High

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.

Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form.

It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters..........

This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022
Thread starter Similar threads Forum Replies Date
A Security 4