Corrective releases of the OpenSSL 3.0.2 and 1.1.1n cryptographic library are available. The update fixes a vulnerability (CVE-2022-0778) that can be used to organize a denial of service (endless looping handler). To exploit the vulnerability, it is enough to achieve the processing of a specially designed certificate. The problem manifests itself in both server and client applications that can handle user-supplied certificates.
The problem is caused by a bug in the BN_mod_sqrt() function that causes a loop when calculating the square root modulo other than a prime number. The function is used when parsing certificates with keys based on elliptic curves. Operation is reduced to substitution of incorrect parameters of the elliptic curve into the certificate. Because the problem occurs before the certificate's digital signature is verified, an attack can be carried out by an unauthenticated user who is able to achieve transmission of a client or server certificate to applications using OpenSSL.
The vulnerability also affects the LibreSSL library developed by the OpenBSD project, a fix for which is proposed in fix releases of LibreSSL 3.3.6, 3.4.3 and 3.5.1. Additionally, an analysis of the conditions for exploiting the vulnerability has been published (an example of a malicious certificate that causes a freeze has not yet been posted publicly).
Source: opennet.ru