Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only "named curves" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an "exotic" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3942 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3942-2                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                         Sean Whitton     November 03, 2024                             https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : openssl     Version        : 1.1.1w-0+deb11u2     CVE ID         : CVE-2023-5678 CVE-2024-0727 CVE-2024-2511 CVE-2024-4741                      CVE-2024-5535 CVE-2024-9143     Debian Bug     : 1055473 1061582 1068658 1072113 1074487 1085378

    The previous update to openssl for Debian bullseye LTS was uploaded     with an incorrect version number.  As a result, the apt tool would not     select the updated package for installation on otherwise up-to-date     bullseye systems.  This has now been corrected.

    For Debian 11 bullseye, this problem has been fixed in version     1.1.1w-0+deb11u2.

    We recommend that you upgrade your openssl packages.

    For the detailed security status of openssl please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/openssl

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of openssl installed on the remote host is prior to 1.1.1zb. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-295-01 advisory.

    New openssl packages are available for Slackware 15.0 to fix a security issue.

Tenable has extracted the preceding description block directly from the openssl security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c6f4177c-8e29-11ef-98e7-84a93843eb75 advisory.

    The OpenSSL project reports:
    Low-level invalid GF(2^m) parameters lead to OOB memory access                (CVE-2024-9143) (Low)      Use of the low-level GF(2^m) elliptic curve APIs with untrusted                 explicit values for the field polynomial can lead to out-of-bounds                 memory reads or writes.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 3.1.8. It is, therefore, affected by a vulnerability as referenced in the 3.1.8 advisory.

  - Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the     field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory     writes can lead to an application crash or even a possibility of a remote code execution, however, in all     the protocols involving Elliptic Curve Cryptography that we're aware of, either only named curves are     supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary     (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a     vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509     certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any     problematic use-cases would have to be using an exotic curve encoding. The affected APIs include:
    EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions.
    Applications working with exotic explicit binary (GF(2^m)) curve parameters, that make it possible to     represent invalid field polynomials with a zero constant term, via the above or similar APIs, may     terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot     easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
    (CVE-2024-9143)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 3.2.4. It is, therefore, affected by a vulnerability as referenced in the 3.2.4 advisory.

  - Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the     field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory     writes can lead to an application crash or even a possibility of a remote code execution, however, in all     the protocols involving Elliptic Curve Cryptography that we're aware of, either only named curves are     supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary     (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a     vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509     certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any     problematic use-cases would have to be using an exotic curve encoding. The affected APIs include:
    EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions.
    Applications working with exotic explicit binary (GF(2^m)) curve parameters, that make it possible to     represent invalid field polynomials with a zero constant term, via the above or similar APIs, may     terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot     easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
    (CVE-2024-9143)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 1.0.2zl. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zl advisory.

  - Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the     field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory     writes can lead to an application crash or even a possibility of a remote code execution, however, in all     the protocols involving Elliptic Curve Cryptography that we're aware of, either only named curves are     supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary     (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a     vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509     certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any     problematic use-cases would have to be using an exotic curve encoding. The affected APIs include:
    EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions.
    Applications working with exotic explicit binary (GF(2^m)) curve parameters, that make it possible to     represent invalid field polynomials with a zero constant term, via the above or similar APIs, may     terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot     easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
    (CVE-2024-9143)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 3.3.3. It is, therefore, affected by a vulnerability as referenced in the 3.3.3 advisory.

  - Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the     field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory     writes can lead to an application crash or even a possibility of a remote code execution, however, in all     the protocols involving Elliptic Curve Cryptography that we're aware of, either only named curves are     supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary     (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a     vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509     certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any     problematic use-cases would have to be using an exotic curve encoding. The affected APIs include:
    EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions.
    Applications working with exotic explicit binary (GF(2^m)) curve parameters, that make it possible to     represent invalid field polynomials with a zero constant term, via the above or similar APIs, may     terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot     easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
    (CVE-2024-9143)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 3.0.16. It is, therefore, affected by a vulnerability as referenced in the 3.0.16 advisory.

  - Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the     field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory     writes can lead to an application crash or even a possibility of a remote code execution, however, in all     the protocols involving Elliptic Curve Cryptography that we're aware of, either only named curves are     supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary     (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a     vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509     certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any     problematic use-cases would have to be using an exotic curve encoding. The affected APIs include:
    EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions.
    Applications working with exotic explicit binary (GF(2^m)) curve parameters, that make it possible to     represent invalid field polynomials with a zero constant term, via the above or similar APIs, may     terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot     easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
    (CVE-2024-9143)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 1.1.1zb. It is, therefore, affected by a vulnerability as referenced in the 1.1.1zb advisory.

  - Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the     field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory     writes can lead to an application crash or even a possibility of a remote code execution, however, in all     the protocols involving Elliptic Curve Cryptography that we're aware of, either only named curves are     supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary     (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a     vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509     certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any     problematic use-cases would have to be using an exotic curve encoding. The affected APIs include:
    EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions.
    Applications working with exotic explicit binary (GF(2^m)) curve parameters, that make it possible to     represent invalid field polynomials with a zero constant term, via the above or similar APIs, may     terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot     easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
    (CVE-2024-9143)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
209978	Debian dla-3942 : libcrypto1.1-udeb - security update	Nessus	Debian Local Security Checks	high
209508	Slackware Linux 15.0 openssl Vulnerability (SSA:2024-295-01)	Nessus	Slackware Local Security Checks	medium
209340	FreeBSD : OpenSSL -- OOB memory access vulnerability (c6f4177c-8e29-11ef-98e7-84a93843eb75)	Nessus	FreeBSD Local Security Checks	medium
209154	OpenSSL 3.1.0 < 3.1.8 Vulnerability	Nessus	Web Servers	medium
209153	OpenSSL 3.2.0 < 3.2.4 Vulnerability	Nessus	Web Servers	medium
209152	OpenSSL 1.0.2 < 1.0.2zl Vulnerability	Nessus	Web Servers	medium
209151	OpenSSL 3.3.0 < 3.3.3 Vulnerability	Nessus	Web Servers	medium
209150	OpenSSL 3.0.0 < 3.0.16 Vulnerability	Nessus	Web Servers	medium
209149	OpenSSL 1.1.1 < 1.1.1zb Vulnerability	Nessus	Web Servers	medium

Detections

Analytics

CVE-2024-9143

high

Tenable Plugins

high

medium

medium

medium

medium

medium

medium

medium

medium