CVE CyberSecurity Database News

CVE-2023-0216 - How Malformed PKCS7 Data Can Crash Applications (And What You Can Do About It)

Poster -

In January 2023, a security issue was reported in OpenSSL related to the way malformed PKCS7 data is handled. This problem, documented as CVE-2023-0216, involves an *invalid pointer dereference* vulnerability. In simple terms, if a program tries to open corrupted PKCS7 data using certain OpenSSL functions, it can crash. While OpenSSL's built-in TLS (used for HTTPS and more) isn't affected, third-party apps using certain OpenSSL functions are at risk.

This means that, if you're running or developing an application that processes PKCS7 data from untrusted sources using OpenSSL, your app might be vulnerable to a Denial of Service (DoS) attack.

This post gives you plain-English background, example code, where to find more details, and tips to stay safe.

What’s PKCS7?

PKCS7 is a standard format used for storing "cryptographic messages." Think digital signatures, encrypted files, and secure email. Lots of applications use PKCS7 to read and write signed or encrypted data.

d2i_PKCS7_fp()

These functions all read PKCS7 data, either from memory, a file, or a "BIO" (OpenSSL's way of abstracting data input/output).

The Nature of the Vulnerability

The core issue is simple: If an attacker gives your app a specially crafted, broken PKCS7 message, then when your app tries to load it with one of the “d2i” functions, OpenSSL may try to read memory using a pointer that's either NULL or not valid anymore.

This leads immediately to a crash. The attacker can't really "take over" the computer — but they *can* make your software stop working.

Triggered by: Malformed PKCS7 data

- Affects: Applications using d2i_PKCS7(), d2i_PKCS7_bio(), or d2i_PKCS7_fp() on *untrusted* data

Code Example: How This Crash Happens

Here’s a very basic C code example showing how a vulnerable piece of code might use OpenSSL to read PKCS7 data:

#include <openssl/pkcs7.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <stdio.h>

int main() {
    FILE *fp = fopen("malformed.p7s", "rb");
    if (!fp) {
        printf("Unable to open file.\n");
        return 1;
    }

    PKCS7 *p7 = d2i_PKCS7_fp(fp, NULL); // THIS FUNCTION can crash with bad input
    if (!p7) {
        ERR_print_errors_fp(stderr);
        printf("Failed to parse PKCS7.\n");
        fclose(fp);
        return 1;
    }

    // ...use p7...

    PKCS7_free(p7);
    fclose(fp);
    return ;
}

If malformed.p7s is specifically crafted to confuse the parser, d2i_PKCS7_fp() can try to use a broken pointer and crash.

Crafting the Exploit

The actual malicious PKCS7 file is pretty easy for attackers to generate. It only needs to have wrong structure in a part that triggers the bug in OpenSSL's parsing logic. While OpenSSL has patched the problem, older versions can be crashed simply by giving them "evil" PKCS7 input.

If you want to see what filing a bugged PKCS7 file looks like, check out the technical writeups linked below. For security, this post does *not* provide ready-to-use exploit files.

OpenSSL Security Advisory (Jan 2023):

- OpenSSL Security Advisory: 3 Jan 2023

NVD Entry for CVE-2023-0216:

- NVD - CVE-2023-0216

OpenSSL Github commit fixing the bug:

- GitHub commit (OpenSSL fix)

PKCS7 Documentation:

- OpenSSL PKCS7 functions

Upgrade OpenSSL

Make sure your apps are using OpenSSL version 3..8 or later (the bug is fixed in this version). If you're on Linux, update your OpenSSL package. If statically linked, recompile with the latest library.

Be careful with untrusted PKCS7 data

If your program accepts PKCS7 files from users, scan or filter those before feeding to OpenSSL, or even better, sandbox your parsing process.

Handle parsing errors safely

Always check the result of parsing functions, and handle errors gracefully instead of assuming success.

Monitor for crashes

If you see mysterious crashes in software that processes PKCS7 files, check whether you’re still running a vulnerable OpenSSL version.

Who Needs To Worry?

- Developers of email clients, document processors, or any software that deals directly with PKCS7 files using the affected OpenSSL functions.

Anyone running old or custom builds of OpenSSL.

*OpenSSL's own SSL/TLS protocol use (what runs most websites) is not vulnerable to this issue, unless third-party code unnecessarily calls these d2i functions.*

Fix: update OpenSSL, handle errors, don't process untrusted PKCS7 blindly.

- More info: OpenSSL Bulletin and NVD.


Stay Safe!  
If your project accepts any "crypto message" files from the outside, make sure you’re using a safe version of OpenSSL and handling errors robustly.

Questions, comments, or looking for more in-depth guidance? [Contact me](mailto:your.email@example.com) or check the references above.

Timeline

Published on: 02/08/2023 20:15:00 UTC
Last modified on: 02/24/2023 15:15:00 UTC