QID 354735

a timing-based side channel exists in the openssl rsa decryption implementation, which could be sufficient to recover a ciphertext across a network in a bleichenbacher style attack.
To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption.
This issue affects all rsa padding modes: pkcs#1 v1.5, rsa-oeap, and rsasve. (
( CVE-2022-4304) a double-free vulnerability was found in openssls pem_read_bio_ex function.
The function pem_read_bio_ex() reads a pem file from a bio and parses and decodes the "name" (for example, "certificate"), any header data, and the payload data.
If the function succeeds, then the "name_out," "header," and "data" arguments are populated with pointers to buffers containing the relevant decoded data.
The caller is responsible for freeing those buffers.
Constructing a pem file that results in 0 bytes of payload data is possible.
In this case, pem_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a freed buffer.
A double-free will occur if the caller also frees this buffer.
This will most likely lead to a crash.
This could be exploited by an attacker who can supply malicious pem files for parsing to achieve a denial of service attack. (
( CVE-2022-4450) a use-after-free vulnerability was found in openssls bio_new_ndef function.
The public api function bio_new_ndef is a helper function used for streaming asn.1 data via a bio.
Under certain conditions.
( CVE-2023-0286)

Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.