- changed status to resolved
[tnozaki-openssl] CVE-2023-2650 Possible DoS translating ASN.1 object identifiers
Comments (2)
-
reporter -
reporter BUGFIX: Issue
#347- CVE-2023-2650 Possible DoS translating ASN.1 object identifiersCherry-picked from: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098
Original commit message: Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical numeric text form. For gigantic sub-identifiers, this would take a very long time, the time complexity being O(n^2) where n is the size of that sub-identifier.
To mitigate this, a restriction on the size that OBJ_obj2txt() will translate to canonical numeric text form is added, based on RFC 2578 (STD 58), which says this:
3.5. OBJECT IDENTIFIER values
An OBJECT IDENTIFIER value is an ordered list of non-negative numbers. For the SMIv2, each number in the list is referred to as a sub-identifier, there are at most 128 sub-identifiers in a value, and each sub-identifier has a maximum value of 2^32-1 (4294967295 decimal).
Fixes otc/security
#96Fixes CVE-2023-2650Reviewed-by: Matt Caswell matt@openssl.org Reviewed-by: Tomas Mraz tomas@openssl.org
→ <<cset 6a325e32a065>>
- Log in to comment
done <<cset:6a325e32a065bae348f063d32d106e727bac0094>>