CVE-2024-37305 - OpenCVE

oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://github.com/open-quantum-safe/oqs-provider/pull/416
https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-06-17T19:42:22.091Z

Updated: 2024-06-18T13:42:29.675Z

Reserved: 2024-06-05T20:10:46.497Z

Link: CVE-2024-37305

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-06-17T20:15:12.880

Modified: 2024-06-20T12:44:22.977

Link: CVE-2024-37305

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37305", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-06-05T20:10:46.497Z", "datePublished": "2024-06-17T19:42:22.091Z", "dateUpdated": "2024-06-18T13:42:29.675Z"}, "containers": {"cna": {"title": "Buffer overflow in deserialization in oqs-provider ", "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "lang": "en", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-130", "lang": "en", "description": "CWE-130: Improper Handling of Length Parameter Inconsistency", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-680", "lang": "en", "description": "CWE-680: Integer Overflow to Buffer Overflow", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-805", "lang": "en", "description": "CWE-805: Buffer Access with Incorrect Length Value", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx"}, {"name": "https://github.com/open-quantum-safe/oqs-provider/pull/416", "tags": ["x_refsource_MISC"], "url": "https://github.com/open-quantum-safe/oqs-provider/pull/416"}], "affected": [{"vendor": "open-quantum-safe", "product": "oqs-provider", "versions": [{"version": "< 0.6.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-17T19:42:22.091Z"}, "descriptions": [{"lang": "en", "value": "oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue."}], "source": {"advisory": "GHSA-pqvr-5cr8-v6fx", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "open_quantum_safe", "product": "oqs_provider", "cpes": ["cpe:2.3:a:open_quantum_safe:oqs_provider:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.6.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-18T13:31:38.141442Z", "id": "CVE-2024-37305", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-18T13:42:29.675Z"}}]}}

{"descriptions": [{"lang": "en", "value": "oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue."}, {"lang": "es", "value": "oqs-provider es un proveedor de la librer\u00eda de criptograf\u00eda OpenSSL 3 que agrega soporte para criptograf\u00eda poscu\u00e1ntica en TLS, X.509 y S/MIME utilizando algoritmos poscu\u00e1nticos de liboqs. Se han identificado fallas en la forma en que oqs-provider maneja las longitudes decodificadas con DECODE_UINT32 al inicio de firmas y claves h\u00edbridas serializadas (tradicionales + poscu\u00e1nticas). Los valores de longitud no verificados se utilizan posteriormente para lecturas y escrituras de memoria; La entrada mal formada puede provocar fallas o fugas de informaci\u00f3n. El manejo de la operaci\u00f3n de clave PQ simple/no h\u00edbrida no se ve afectado. Este problema se solucion\u00f3 en la versi\u00f3n 0.6.1. Se recomienda a todos los usuarios que actualicen. No existen workarounds para este problema."}], "id": "CVE-2024-37305", "lastModified": "2024-06-20T12:44:22.977", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-06-17T20:15:12.880", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/open-quantum-safe/oqs-provider/pull/416"}, {"source": "security-advisories@github.com", "url": "https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}, {"lang": "en", "value": "CWE-130"}, {"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-680"}, {"lang": "en", "value": "CWE-805"}], "source": "security-advisories@github.com", "type": "Secondary"}]}