Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
This dangerous OpenSSL vulnerability can easily be triggered | CVE-2022-2274 Explained
Manage episode 334455930 series 1954062
We discuss the CVE-2022-2274 OpenSSL Vulnerability.
The OpenSSL 3.0.4 release introduced a serious bug in the RSA
implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
This issue makes the RSA implementation with 2048 bit private keys
incorrect on such machines and memory corruption will happen during
the computation. As a consequence of the memory corruption an attacker
may be able to trigger a remote code execution on the machine performing
the computation.
0:00 Intro
1:00 CVE-2022-2274
3:00 AVX512IFMA CISC
5:00 How the bug works
7:10 How can it be triggered
Resources
https://www.openssl.org/news/secadv/20220705.txt
https://github.com/openssl/openssl/issues/18625
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
https://eprint.iacr.org/2018/335
https://github.com/openssl/openssl/commit/4d8a88c134df634ba610ff8db1eb8478ac5fd345
https://linux.die.net/man/3/bn_internal
https://www.microfocus.com/documentation/enterprise-developer/ed60/ES-WIN/GUID-E3960B1E-C42E-4748-A5EB-6E12507C9CD7.html
https://www.microcontrollertips.com/risc-vs-cisc-architectures-one-better/
Fundamentals of Networking for Effective Backends udemy course (link redirects to udemy with coupon)
https://network.husseinnasser.com
512 tập
Manage episode 334455930 series 1954062
We discuss the CVE-2022-2274 OpenSSL Vulnerability.
The OpenSSL 3.0.4 release introduced a serious bug in the RSA
implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
This issue makes the RSA implementation with 2048 bit private keys
incorrect on such machines and memory corruption will happen during
the computation. As a consequence of the memory corruption an attacker
may be able to trigger a remote code execution on the machine performing
the computation.
0:00 Intro
1:00 CVE-2022-2274
3:00 AVX512IFMA CISC
5:00 How the bug works
7:10 How can it be triggered
Resources
https://www.openssl.org/news/secadv/20220705.txt
https://github.com/openssl/openssl/issues/18625
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
https://eprint.iacr.org/2018/335
https://github.com/openssl/openssl/commit/4d8a88c134df634ba610ff8db1eb8478ac5fd345
https://linux.die.net/man/3/bn_internal
https://www.microfocus.com/documentation/enterprise-developer/ed60/ES-WIN/GUID-E3960B1E-C42E-4748-A5EB-6E12507C9CD7.html
https://www.microcontrollertips.com/risc-vs-cisc-architectures-one-better/
Fundamentals of Networking for Effective Backends udemy course (link redirects to udemy with coupon)
https://network.husseinnasser.com
512 tập
Tất cả các tập
×Chào mừng bạn đến với Player FM!
Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.