CVE-2023-28319: The Use-After-Free Vulnerability in curl Affecting SSH Server Public Key Verification

CVE-2023-28319 represents a use-after-free vulnerability discovered in curl versions older than 8.1.. This vulnerability arises due to the manner in which libcurl verifies the SSH server's public key using a SHA 256 hash. When the key check fails, libcurl mistakenly frees the memory containing the fingerprint before returning an error message. As a result, sensitive heap-based data could be included in the message and revealed to users or leaked.

In this article, we will discuss the implications of this vulnerability and provide code snippets to understand its impact. We will also provide links to the original references and discuss exploit details.

Code Snippet

/* Check the public key's SHA-256 fingerprint against the known hosts */
if(data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]) {
  unsigned char *fingerprint;
  size_t fplen;
  if(checkpubkeysha256(ssh,
         data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG],
         &fingerprint, &fplen) == CURLE_OK) {
    /* Pinning check succeeded */
  }
  else {
    /* Pinning check failed -- generate error message here */
    /* ... */
    /* Free the fingerprint memory */
    Curl_safefree(fingerprint);
  }
  /* Free the original memory */
  Curl_safefree(fptype);
}

In the snippet above, the checkpubkeysha256 function checks the public key fingerprint against a known host. If the check fails (else block), the code generates an error message. However, the fingerprint memory is prematurely freed before the error message is generated—a classic use-after-free vulnerability.

Original References

1. Official advisory by the curl project
2. NVD - National Vulnerability Database

Exploit Details

An attacker could exploit this vulnerability by setting up a malicious SSH server with an incorrect public key. When a client running a vulnerable version of curl connects to the server, the key check fails and triggers the use-after-free vulnerability. As a result, sensitive data from memory could be leaked into the error message. Potentially, this information could then be displayed to the user or logged insecurely, which could result in information disclosure.

Mitigation

The curl project has addressed this vulnerability in version 8.1.. Users are strongly encouraged to upgrade to this version or newer. If updating is not immediately possible, users should avoid using the feature that verifies SSH server public keys using SHA 256 hashes.

Conclusion

CVE-2023-28319 highlights the importance of proper memory management and validation when using security-sensitive functions like public key checks. The curl project has issued a patch to resolve this vulnerability, so users should ensure that they are running an updated version to avoid potential risks.

Timeline

Published on: 05/26/2023 21:15:00 UTC
Last modified on: 08/02/2023 16:47:00 UTC