CVE-2024-9143

Severity CVSS v4.0: Pending analysis
Type: CWE-125 Out-of-bounds Read
Publication date: 16/10/2024
Last modified: 03/11/2025

Description

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes.

Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only "named curves" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low.

In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an "exotic" curve encoding.

The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions.

Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out.

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
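For applications that do accept explicit binary-curve parameters from an untrusted source, the following added example (not code from this advisory or from OpenSSL, and not the upstream fix) sketches a pre-check that rejects a field polynomial with a zero constant term before it reaches the affected APIs. The function name, status codes, big-endian byte input and the caller-supplied `max_degree` are assumptions for illustration; the even-term and degree checks go beyond the single case the advisory names, and a passing result is a necessary condition only, not a proof of irreducibility.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum gf2m_status { GF2M_OK, GF2M_EMPTY, GF2M_ZERO_CONSTANT,
                   GF2M_EVEN_TERMS, GF2M_BAD_DEGREE };

/* Hypothetical pre-check for a GF(2) field polynomial given as a big-endian
 * bit string (bit i = coefficient of x^i), i.e. the bytes an application
 * would convert to a BIGNUM before calling EC_GROUP_new_curve_GF2m().
 * max_degree is a limit chosen by the caller (assumption). */
enum gf2m_status gf2m_poly_precheck(const uint8_t *buf, size_t len,
                                    size_t max_degree)
{
    size_t i = 0, degree, terms = 0;

    if (buf == NULL)
        return GF2M_EMPTY;
    while (i < len && buf[i] == 0)      /* skip leading zero bytes */
        i++;
    if (i == len)
        return GF2M_EMPTY;              /* zero polynomial */
    if ((buf[len - 1] & 1) == 0)
        return GF2M_ZERO_CONSTANT;      /* the input class the advisory names */
    degree = (len - 1 - i) * 8;
    for (uint8_t top = buf[i]; top > 1; top >>= 1)
        degree++;
    if (degree < 2 || degree > max_degree)
        return GF2M_BAD_DEGREE;
    for (; i < len; i++)                /* count nonzero coefficients */
        for (uint8_t b = buf[i]; b != 0; b &= (uint8_t)(b - 1))
            terms++;
    if (terms % 2 == 0)
        return GF2M_EVEN_TERMS;         /* x = 1 is a root, so reducible */
    return GF2M_OK;
}

/* Constructed sample inputs. */
static const uint8_t POLY_OK[]        = { 0x00, 0x13 }; /* x^4 + x + 1 */
static const uint8_t POLY_ZERO_TERM[] = { 0x12 };       /* x^4 + x */
static const uint8_t POLY_EVEN[]      = { 0x1B };       /* x^4 + x^3 + x + 1 */

int main(void)
{
    printf("%d %d %d\n",
           (int)gf2m_poly_precheck(POLY_OK, sizeof POLY_OK, 571),
           (int)gf2m_poly_precheck(POLY_ZERO_TERM, sizeof POLY_ZERO_TERM, 571),
           (int)gf2m_poly_precheck(POLY_EVEN, sizeof POLY_EVEN, 571));
    return 0;
}
```

When the polynomial is already held in an OpenSSL BIGNUM `p`, the constant-term test corresponds to `BN_is_bit_set(p, 0)` and the degree to `BN_num_bits(p) - 1`.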