The OpenSSL cryptographic library is widely used to protect communications between web servers and clients, such as browsers and apps, on the internet. Few consumers knowingly use the software, but it is important enough that in July Google banned Android apps in Google Play that used outdated versions of OpenSSL.
The OpenSSL open source project released versions 1.1.0a, 1.0.2i, and 1.0.1u of the library last Thursday to address 14 unremarkable bugs and one “high severity” flaw. The most serious bug prompted the content distribution network Akamai to roll out the fix immediately.
But organizations that were quick to jump on the OpenSSL patch introduced a vulnerability even more serious than the one it fixed, according to an advisory from the OpenSSL project published on Monday.
OpenSSL encouraged any organization using OpenSSL 1.1.0 that moved up to 1.1.0a to urgently update to OpenSSL 1.1.0b.
The original bug, identified as CVE-2016-6307, addressed an issue caused by excessive allocation of memory in the tls_get_message_header() function. This was deemed a “low severity” and “theoretical” denial of service risk that could arise due to missing checks on the length of messages sent to web servers.
However, a day after the patch was released, a Google security engineer discovered that the patch had introduced a much more serious use-after-free flaw that could allow an attacker to execute malicious code.
OpenSSL explained that the buggy patch “resulted in an issue where if a message larger than approx 16k is received then the underlying buffer to store the incoming message is reallocated and moved.”
“Unfortunately a dangling pointer to the old location is left which results in an attempt to write to the previously freed location. This is likely to result in a crash, however it could potentially lead to execution of arbitrary code,” it said.
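To illustrate the mechanism the advisory describes, here is a constructed C model of a growable message buffer (an added example, not OpenSSL's code): the comment in msg_append shows the dangling-pointer pattern, while the executed code keeps the header as an offset and derives pointers only after the buffer has grown past the ~16k initial size. All names (msg_buf, msg_grow, assemble_large_message) and the 16k/4096 sizes are assumptions.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed model of a handshake-message receive buffer (not OpenSSL code). */
#define INITIAL_CAP (16 * 1024)   /* stands in for the ~16k initial buffer */
typedef struct {
    unsigned char *buf;   /* growable storage for the message being assembled */
    size_t cap, len;
    size_t hdr_off;       /* header kept as an OFFSET, never as a raw pointer */
} msg_buf;

static int msg_init(msg_buf *m) {
    m->buf = malloc(INITIAL_CAP); m->cap = INITIAL_CAP; m->len = 0; m->hdr_off = 0;
    return m->buf != NULL;
}
/* Grow storage. realloc may MOVE the block and free the old one, so any pointer
 * computed from m->buf before this call is dangling afterwards. */
static int msg_grow(msg_buf *m, size_t need) {
    size_t ncap = m->cap;
    if (need <= ncap) return 1;
    while (ncap < need) ncap *= 2;
    unsigned char *nb = realloc(m->buf, ncap);
    if (nb == NULL) return 0;
    m->buf = nb; m->cap = ncap;
    return 1;
}
/* The bug pattern the advisory describes (comment only, never executed):
 *   unsigned char *hdr = m->buf + m->hdr_off;  // pointer into the current block
 *   msg_grow(m, m->len + n);                   // block moves once the message passes ~16k
 *   hdr[0] = ...;                              // write through the freed old block
 * The safe form derives pointers only AFTER growth, from the stored offset. */
static int msg_append(msg_buf *m, const unsigned char *frag, size_t n) {
    if (!msg_grow(m, m->len + n)) return 0;
    memcpy(m->buf + m->len, frag, n);
    m->len += n;
    return 1;
}
static unsigned char *msg_header(const msg_buf *m) { return m->buf + m->hdr_off; }

/* Assemble `total` bytes from 4096-byte fragments (constructed input filled with 0x16).
 * Returns the first header byte, or -1 on allocation failure; reports final len/cap. */
static int assemble_large_message(size_t total, size_t *out_len, size_t *out_cap) {
    msg_buf m; unsigned char frag[4096];
    if (!msg_init(&m)) return -1;
    memset(frag, 0x16, sizeof frag);
    while (m.len < total) {
        size_t n = total - m.len < sizeof frag ? total - m.len : sizeof frag;
        if (!msg_append(&m, frag, n)) { free(m.buf); return -1; }
    }
    int first = msg_header(&m)[0];
    *out_len = m.len; *out_cap = m.cap; free(m.buf);
    return first;
}
```

Running the same model under AddressSanitizer with the commented-out pattern enabled is how this class of defect is caught in testing: the write through the stale pointer is reported as a heap-use-after-free.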
The project also released a new fix for OpenSSL 1.0.2i to address a moderately severe bug.
“A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception,” the advisory stated.