
CVE-2022-21449 #1992

Closed
boaks opened this issue Apr 21, 2022 · 4 comments

Comments

@boaks
Contributor

boaks commented Apr 21, 2022

CVE-2022-21449

WikiPedia -Elliptic Curve Digital Signature Algorithm

Oracle Critical Patch Update Advisory - April 2022

openjdk - 15, 17, 18

CVE-2022-21449: Psychic Signatures in Java

Edited:

ECDSA is reported to be broken for java 15, 16, 17 and 18, if malicious values in the signature are used.
The signature consists of two INTEGERs. Both must be within the valid range [1 ... N-1].
If not, e.g. if the INTEGERs are 0, then the signature always passes verification.

That enables an attacker to present a signature that the other side can't really verify.
A server will not be able to check the client's signature (and so its authentication).
A client will not be able to check the server's signature (and so its authentication).
That enables MitM attacks.
It is also not possible to verify ECDSA signatures in an x509 certificate chain.

Please update the JVM accordingly.

To check the ECDSA vulnerability of your jvm and the Californium DTLS work-around, please update to the current master.

> mvn test -Dtest="Asn1DerDecoderTest#testBrokenEcdsa" -DfailIfNoTests=false -pl element-connector
...
Java 17.0.2, SunEC version 17 is vulnerable for ECDSA R := 0, CVE-2022-21449!
Java 17.0.2, SunEC version 17 is vulnerable for ECDSA R := N, CVE-2022-21449!
...

Or

...
Java 17.0.3, SunEC version 17 is not vulnerable for ECDSA R := 0, CVE-2022-21449!
Java 17.0.3, SunEC version 17 is not vulnerable for ECDSA R := N, CVE-2022-21449!
...

(With a fixed jvm/jce.)

1. April 2022:

Currently fixed versions:
17.0.3
18.0.1

Still not fixed
15.0.2
16.0.2

Not affected:
java 11, java 8, java 7.

Also not affected:
Bouncy Castle (checked with 1.70).

> mvn test -Dtest="Asn1DerDecoderTest#testBrokenEcdsa" -DfailIfNoTests=false -pl element-connector -Pbc-tests
...
Java 17.0.2, BC version 1.7 is not vulnerable for ECDSA R := 0, CVE-2022-21449!
Java 17.0.2, BC version 1.7, possible: error decoding signature bytes.
Java 17.0.2, BC version 1.7 is not vulnerable for ECDSA R := N, CVE-2022-21449!
...
@boaks boaks pinned this issue Apr 21, 2022
@boaks
Contributor Author

boaks commented Apr 22, 2022

See PR #1996

@boaks
Contributor Author

boaks commented Apr 22, 2022

Some distributions already have a release of java 17.0.3, others are pending.
Maybe PR #1996 helps in the meantime for DTLS.

@boaks
Contributor Author

boaks commented Apr 25, 2022

See #2001. The minor version 3.5.0 should become available today.

@boaks
Contributor Author

boaks commented May 14, 2022

In the meantime, most JCEs of the JVMs have been fixed, at least those with LTS.
For java 15 and 16 please update to 17.0.3.

@boaks boaks closed this as completed May 14, 2022
@boaks boaks unpinned this issue May 14, 2022