CVE-2022-0778: Infinite loop in BN_mod_sqrt()

Versions Affected: All SCALE versions prior to TrueNAS SCALE 22.02.0.1. All CORE versions prior to TrueNAS CORE 12.0-U8.1.

Description

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.

Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters.

CVSS

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Base score 7.5

Workaround

No workarounds available


Mitigation

Do not use certificates that contain elliptic curve keys.
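
To apply this mitigation you first need to know which installed certificates carry elliptic curve keys. The following is an added example, not part of the original advisory or of TrueNAS code: it walks a certificate's DER structure in pure Python, without calling OpenSSL, and reports whether an id-ecPublicKey key uses a named curve or the explicit parameters described above. The function names and the sample byte strings are assumptions constructed for illustration.

```python
import base64, re

ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # OID 1.2.840.10045.2.1

def read_tlv(buf, pos):  # -> (tag, value_start, value_end); low tag numbers only
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                 # long-form length
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf, start, end):
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        yield tag, vs, ve
        start = ve

def classify_ec(buf, start=0, end=None):
    """Find an id-ecPublicKey AlgorithmIdentifier and report how its curve is encoded."""
    for tag, vs, ve in children(buf, start, len(buf) if end is None else end):
        if not tag & 0x20:                            # primitive: do not descend
            continue
        kids = list(children(buf, vs, ve))
        if kids and kids[0][0] == 0x06 and buf[kids[0][1]:kids[0][2]] == ID_EC_PUBLIC_KEY:
            params = kids[1][0] if len(kids) > 1 else None
            return {0x06: "ec-named-curve", 0x30: "ec-explicit-parameters"}.get(params, "ec-other")
        found = classify_ec(buf, vs, ve)
        if found != "no-ec-key":
            return found
    return "no-ec-key"

def load_der(data):  # accept PEM or raw DER bytes
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", data, re.S)
    return base64.b64decode(m.group(1)) if m else data

# Constructed sample input: certificate-shaped DER skeletons, not real certificates.
def der(tag, *parts):  # short-form lengths only
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def skeleton(alg_oid, params):
    spki = der(0x30, der(0x30, der(0x06, alg_oid), params), der(0x03, b"\x00\x04"))
    return der(0x30, der(0x30, der(0xA0, der(0x02, b"\x02")), spki))
NAMED = skeleton(ID_EC_PUBLIC_KEY, der(0x06, bytes.fromhex("2a8648ce3d030107")))  # prime256v1
EXPLICIT = skeleton(ID_EC_PUBLIC_KEY, der(0x30, der(0x02, b"\x01")))  # placeholder, not a curve
RSA = skeleton(bytes.fromhex("2a864886f70d010101"), der(0x05))        # rsaEncryption, NULL
```

Read each certificate file as bytes and call `classify_ec(load_der(data))`; a `ValueError` means the file is not well-formed DER.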

Commit

Further information
