Instituto Nacional de Ciberseguridad. INCIBE section
Instituto Nacional de Ciberseguridad. INCIBE-CERT section

CVE-2023-2650

CVSS v3.1 severity: MEDIUM
Type: Not available / Other type
Publication date: 30/05/2023
Last modified: 19/03/2025

Description

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow.

Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service.

An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods.

When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*).

With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms.

Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data.

Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low.

In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature.

The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication.

In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.
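For applications that call OBJ_obj2txt() on untrusted data, a linear-time pre-check on the DER octets can reject oversized sub-identifiers before any decimal conversion is attempted. The following is an added example, not OpenSSL's code or its fix and not part of the original advisory; the function names and the caller-chosen `max_bytes` limit are assumptions, and the large OID is a constructed sample.

```c
#include <stddef.h>
#include <string.h>

/* Longest sub-identifier, in bytes, of a DER OBJECT IDENTIFIER; -1 if malformed. */
long oid_longest_subid(const unsigned char *der, size_t len)
{
    size_t hdr = 2, clen, i, run = 0, longest = 0;
    if (len < 2 || der[0] != 0x06)          /* 0x06 = OBJECT IDENTIFIER tag */
        return -1;
    clen = der[1];                          /* short-form length */
    if (clen >= 0x80) {                     /* long form: 0x80 | octet count */
        size_t n = clen & 0x7f;
        if (n == 0 || n > sizeof(size_t) || len < 2 + n)
            return -1;
        for (clen = 0, i = 0; i < n; i++)
            clen = (clen << 8) | der[2 + i];
        hdr = 2 + n;
    }
    if (clen == 0 || clen != len - hdr)     /* content must fill the buffer */
        return -1;
    for (i = 0; i < clen; i++) {
        unsigned char b = der[hdr + i];
        if (run == 0 && b == 0x80)          /* non-minimal sub-identifier */
            return -1;
        run++;
        if ((b & 0x80) == 0) {              /* high bit clear: last octet */
            if (run > longest) longest = run;
            run = 0;
        }
    }
    return run == 0 ? (long)longest : -1;   /* run != 0: truncated last arc */
}

/* 1 if every sub-identifier fits in max_bytes (hypothetical caller policy). */
int oid_safe_to_render(const unsigned char *der, size_t len, size_t max_bytes)
{
    long longest = oid_longest_subid(der, len);
    return longest > 0 && (size_t)longest <= max_bytes;
}

/* Constructed sample: OID 1.2.<one n-byte sub-identifier>; buf needs n + 5 bytes. */
size_t build_large_oid(unsigned char *buf, size_t n)
{
    buf[0] = 0x06; buf[1] = 0x82;           /* tag, 2-octet long-form length */
    buf[2] = (unsigned char)((n + 1) >> 8); buf[3] = (unsigned char)(n + 1);
    buf[4] = 0x2a;                          /* first octet encodes arcs 1.2 */
    memset(buf + 5, 0xff, n - 1);           /* continuation octets */
    buf[4 + n] = 0x7f;                      /* final octet of the sub-identifier */
    return n + 5;
}
```

The check only counts octets, so its cost is linear in the input size regardless of how large a sub-identifier is.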

Vulnerable products and versions

CPE                                          From                Up to
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*    1.0.2 (including)   1.0.2zh (excluding)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*    1.1.1 (including)   1.1.1u (excluding)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*    3.0.0 (including)   3.0.9 (excluding)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*    3.1.0 (including)   3.1.1 (excluding)
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*


References to solutions, tools and information