Oracle Communications Cloud Native Core Unified Data Repository Signaling denial of service

Summaryinfo

A vulnerability classified as critical has been found in Oracle Communications Cloud Native Core Unified Data Repository 23.1.1. This affects an unknown function of the component Signaling. This manipulation causes denial of service. This vulnerability appears as CVE-2022-4450. The attack may be initiated remotely. There is no available exploit.

Detailsinfo

A vulnerability was found in Oracle Communications Cloud Native Core Unified Data Repository 23.1.1 (Cloud Software). It has been declared as critical. Affected by this vulnerability is some unknown processing of the component Signaling. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability. The summary by CVE is:

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.

The weakness was presented 07/18/2023 as Oracle Critical Patch Update Advisory - July 2023 as confirmed advisory (Website). It is possible to read the advisory at oracle.com. This vulnerability is known as CVE-2022-4450. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1499 according to MITRE ATT&CK.

The vulnerability scanner Nessus provides a plugin with the ID 211573 (Oracle Linux 9 : openssl / and / openssl-fips-provider (ELSA-2024-9333)), which helps to determine the existence of the flaw in a target environment.

A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (211573). Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Cloud Software

Vendor

• Oracle

Name

• Communications Cloud Native Core Unified Data Repository

Version

• 23.1.1

License

• commercial

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion