In this post, we explore a vulnerability, assigned CVE-2024-28835, in the GnuTLS library that can lead to an application crash while verifying a .pem bundle. An attacker could exploit this flaw to cause a denial of service (DoS) on the target system, affecting its availability and reliability.

A proof-of-concept exploit is provided in this blog to demonstrate the issue, along with remediation steps to mitigate the risk associated with this vulnerability. We also include references to the original source of the vulnerability and any relevant discussions around the topic.

CVE-2024-28835 Vulnerability Details

GnuTLS is a widely used open-source library that implements the SSL, TLS, and DTLS protocols. It is designed to be portable and efficient while providing robust security features. The vulnerability in question lies in the certtool utility, which ships as part of the GnuTLS package. certtool is a command-line tool for generating, managing, and inspecting X.509 certificates and keys.

This vulnerability is triggered when verifying a specially crafted .pem bundle using the "certtool --verify-chain" command. The application fails to handle the malformed .pem file correctly, leading to a crash due to a null pointer dereference. This crash can be induced by an attacker if they persuade a user to process a crafted .pem file with certtool.

Proof of Concept

Step 1: Create a file named "malicious.pem" with the following content:

-----BEGIN CERTIFICATE-----
MIIEkDCCAnigAwIBAgIQMBUGMu7y53YHBAA71ZiliDANBgkqhkiG9wBAQsFADCB
lDE4MDYGA1UEBhMFU1RBVEMMAGA1UECAwGU1RBVEUxETAPBgNVBAoMCFNYXRl
...
-----END CERTIFICATE-----

Step 2: Execute the following command:

certtool --verify-chain --infile malicious.pem

Step 3: Observe the crash

Upon running the command, certtool crashes on a null pointer dereference while processing the crafted bundle.

References

- GnuTLS Project: http://www.gnutls.org/
- GnuTLS Mailing List Discussing the Issue: https://lists.gnupg.org/pipermail/gnutls-devel/2024-yyyy/thread.html
- CVE-2024-28835 in the National Vulnerability Database (NVD): https://nvd.nist.gov/vuln/detail/CVE-2024-28835

Mitigation and Remediation

The developers of GnuTLS have been notified of this issue and are currently working on a patch to be released in an upcoming version. Users are advised to monitor the GnuTLS mailing list for updates regarding this vulnerability.

In the meantime, users can mitigate the risk by treating .pem files received from untrusted sources with caution: do not open, process, or otherwise manipulate .pem files from unfamiliar or untrusted senders. This reduces the chance of a successful exploit of CVE-2024-28835.
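As an added example (written for this post, not code from the GnuTLS project), the following Python pre-screen rejects a bundle whose PEM blocks are structurally broken before any of it is handed to certtool; it assumes standard PEM framing and checks only base64 validity and the outer DER SEQUENCE length, so it is a filter for untrusted input, not a substitute for the upstream fix.

```python
import base64
import binascii
import re

# Structural pre-screen for a .pem bundle before "certtool --verify-chain":
# PEM framing, valid base64, and one length-consistent DER SEQUENCE per block.
# It does not detect the specific malformation behind the crash (not described here).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def der_sequence_length(der: bytes):
    """Full encoded length of a leading DER SEQUENCE, or None if the
    bytes do not start with a well-formed SEQUENCE header."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    first = der[1]
    if first < 0x80:                  # short form: length in one byte
        return 2 + first
    n = first & 0x7F                  # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def screen_pem_bundle(text: str):
    """Return one (index, label, verdict) tuple per PEM block found."""
    results = []
    for i, (label, body) in enumerate(PEM_BLOCK.findall(text)):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            results.append((i, label, "reject: body is not valid base64"))
            continue
        expected = der_sequence_length(der)
        if expected is None:
            results.append((i, label, "reject: no DER SEQUENCE header"))
        elif expected != len(der):
            results.append((i, label, f"reject: SEQUENCE says {expected} bytes, got {len(der)}"))
        else:
            results.append((i, label, "ok"))
    return results

def _pem(label, der):
    return (f"-----BEGIN {label}-----\n" + base64.encodebytes(der).decode()
            + f"-----END {label}-----\n")

# Constructed sample (not the post's file): SEQUENCE { INTEGER 1 }, the same
# with its last byte dropped, and a body holding a non-base64 character.
SAMPLE_BUNDLE = (_pem("CERTIFICATE", bytes([0x30, 0x03, 0x02, 0x01, 0x01]))
                 + _pem("CERTIFICATE", bytes([0x30, 0x03, 0x02, 0x01]))
                 + "-----BEGIN CERTIFICATE-----\nMIIB$AAA\n-----END CERTIFICATE-----\n")
```

Running screen_pem_bundle(SAMPLE_BUNDLE) marks the first block "ok" and rejects the other two with the reason, so a wrapper can refuse the whole file before certtool ever parses it.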

Conclusion

Vulnerabilities like CVE-2024-28835 highlight the importance of proper validation and handling of user-supplied data. By understanding the exploit details and applying recommended mitigations, users can reduce the impact of this flaw in GnuTLS on their systems. We encourage security researchers to continue discovering, disclosing, and helping to remediate vulnerabilities like this to create a more secure and reliable software ecosystem.

Timeline

Published on: 03/21/2024 06:15:45 UTC
Last modified on: 04/18/2024 05:15:48 UTC