Bug 1227238 (CVE-2024-34703)

Summary: VUL-0: CVE-2024-34703: TRACKERBUG: Botan: denial of service due to overly large elliptic curve parameters
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: IN_PROGRESS --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: camila.matos, kstreitova
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/412444/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-34703:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 1227239    
Bug Blocks:    

Description SMASH SMASH 2024-07-01 13:55:09 UTC 
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-34703
https://www.cve.org/CVERecord?id=CVE-2024-34703
https://github.com/randombit/botan/commit/08c404b23740babee1f6aa51b54e966029aadee4
https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a
https://github.com/randombit/botan/security/advisories/GHSA-w4g2-7m2h-7xj7
https://bugzilla.redhat.com/show_bug.cgi?id=2294868
Comment 2 Camila Camargo de Matos 2024-07-01 13:58:55 UTC 
Botan at versions earlier than 2.7.0 seem to not be affected by this issue, as it does not include the changes from commit ee4813b2 [0], which is the commit that introduced the prime number check that leads to the excessive computation described by the CVE.

[0] https://github.com/randombit/botan/commit/ee4813b2ce873c6965391c0543bf4dfc25fa2338
Comment 4 OBSbugzilla Bot 2024-07-15 09:15:05 UTC 
This is an autogenerated message for OBS integration:
This bug (1227238) was mentioned in
https://build.opensuse.org/request/show/1187488 Backports:SLE-15-SP5 / Botan
https://build.opensuse.org/request/show/1187501 Backports:SLE-15-SP6 / Botan
Comment 5 Marcus Meissner 2024-07-16 10:04:48 UTC 
openSUSE-SU-2024:0201-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1227238,1227607,1227608
CVE References: CVE-2024-34702,CVE-2024-34703,CVE-2024-39312
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    Botan-2.19.5-bp155.2.3.1
Comment 6 Angel Yankov 2024-07-17 13:34:07 UTC 
Updated to 2.19.5 in Backports for SP5 and SP6 with fixes for this and related CVEs in processing of constraints in certificates. SLE12:SP5 is carrying extremely old, unsupported version, backporting the fix to that is unfeasible.