CVE-2022-0778 : Infinite loop in BN_mod_sqrt()
Versions Affected : All SCALE versions prior to TrueNAS SCALE 22.02.0.1. All CORE versions priot to TrueNAS CORE 12.0-U8.1
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.
Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters.
Base score 7.5
No workarounds available
- Do not use certificates that contain elliptic curve keys.
- TrueNAS CORE Jira Ticket NAS-115202
- TrueNAS CORE Commit : 595e88f
- TrueNAS CORE Commit : 60ce76f
- TrueNAS SCALE Jira Ticket NAS-115299
- TrueNAS SCALE Commit : 2c0af1f