CVE-2023-36326 - Integer Overflow Vulnerability in RELIC May Lead to Arbitrary Code Execution, Denial of Service, and Privilege Escalation

In the RELIC project, a high-performance cryptographic library widely used by developers and security researchers, a newly discovered vulnerability (CVE-2023-36326) may allow potential attackers to execute arbitrary code, trigger denial of service, and escalate privileges on affected systems. This vulnerability exists due to an integer overflow issue present in versions of RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab.

Exploit Details

The reported vulnerability exists within the bn_grow function, which calls realloc to resize a dynamically allocated array. However, an integer overflow can occur when calculating the size to allocate for the new array. This size can be manipulated by an attacker, causing either a buffer overflow or underflow. As a result, malicious code may potentially be executed, causing denial of service or privilege escalation.

Here is the vulnerable code snippet with relevant comments added

// Vulnerable function definition
int bn_grow(bn_t a, int digits) {
  //...
  // Unbounded multiplication - may overflow if digits is large
  int new_size = digits * sizeof(dig_t);

  // Calling realloc with potential integer overflow in new_size
  a->dp = (dig_t *)realloc(a->dp, new_size);
  //...
}

Due to the lack of proper bounds checking and potential exploits, it is crucial to immediately update RELIC to the latest commit (34580d840469361ba9b5f001361cad659687b9ab) to mitigate the risks associated with this vulnerability.

Original References

1. RELIC Project - https://github.com/relic-toolkit/relic
2. Affected Commit in RELIC - https://github.com/relic-toolkit/relic/commit/34580d840469361ba9b5f001361cad659687b9ab

Mitigation

To secure your implementation and ensure protection against this vulnerability, you must update your version of RELIC to commit 34580d840469361ba9b5f001361cad659687b9ab or a later version. To do this, please follow the below steps:

1) Clone the latest RELIC repository

$ git clone https://github.com/relic-toolkit/relic.git
$ cd relic

2) Checkout the updated commit

$ git checkout 34580d840469361ba9b5f001361cad659687b9ab

3) Build and install the updated RELIC library

$ cmake -G "Unix Makefiles" -DALLOC=OFF .
$ make
$ sudo make install

After completing these steps, your implementations that use RELIC will be secured against the CVE-2023-36326 vulnerability, minimizing risks related to arbitrary code execution, denial of service, and privilege escalation.

Conclusion

CVE-2023-36326 points to a critical vulnerability within the widely-used RELIC cryptographic library. Given the severity of this issue, it's essential to take immediate action to protect your systems from potential attacks by updating to the latest version of RELIC and ensuring that safeguards are in place to avoid similar vulnerabilities in the future. Stay informed about security news and vulnerabilities to maintain the safety of your projects and systems.

Timeline

Published on: 09/01/2023 16:15:08 UTC
Last modified on: 09/06/2023 00:04:24 UTC