This dangerous OpenSSL vulnerability can easily be triggered | CVE-2022-2274 Explained

We discuss the CVE-2022-2274 OpenSSL Vulnerability. The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. 0:00 Intro 1:00 CVE-2022-2274 3:00 AVX512IFMA CISC 5:00 How the bug works 7:10 How can it be triggered Resources https://www.openssl.org/news/secadv/20220705.txt https://github.com/openssl/openssl/issues/18625 https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/ https://eprint.iacr.org/2018/335 https://github.com/openssl/openssl/commit/4d8a88c134df634ba610ff8db1eb8478ac5fd345 https://linux.die.net/man/3/bn_internal https://www.microfocus.com/documentation/enterprise-developer/ed60/ES-WIN/GUID-E3960B1E-C42E-4748-A5EB-6E12507C9CD7.html https://www.microcontrollertips.com/risc-vs-cisc-architectures-one-better/ Fundamentals of Networking for Effective Backends udemy course (link redirects to udemy with coupon) https://network.husseinnasser.com

Om Podcasten

Welcome to the Backend Engineering Show podcast with your host Hussein Nasser. If you like software engineering you’ve come to the right place. I discuss all sorts of software engineering technologies and news with specific focus on the backend. All opinions are my own. Most of my content in the podcast is an audio version of videos I post on my youtube channel here http://www.youtube.com/c/HusseinNasser-software-engineering Buy me a coffee https://www.buymeacoffee.com/hnasr 🧑‍🏫 Courses I Teach https://husseinnasser.com/courses