Versions Affected : All SCALE versions prior to TrueNAS SCALE 22.02.0.1. All CORE versions priot to TrueNAS CORE 12.0-U8.1

---

Description

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.

Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters.

CVSS

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base score 7.5

Workaround

No workarounds available

---

Mitigation

• Do not use certificates that contain elliptic curve keys.

Commit

• TrueNAS CORE Jira Ticket NAS-115202
• TrueNAS CORE Commit : 595e88f
• TrueNAS CORE Commit : 60ce76f
• TrueNAS SCALE Jira Ticket NAS-115299
• TrueNAS SCALE Commit : 2c0af1f

Further information

• OpenSSL Security Announcement
• 
• MITRE CVE-2021-44142 Entry
• 
• NIST NVD Entry