The Backend Engineering Show with Hussein Nasser

This dangerous OpenSSL vulnerability can easily be triggered | CVE-2022-2274 Explained

Listen Later

We discuss the CVE-2022-2274 OpenSSL Vulnerability.

The OpenSSL 3.0.4 release introduced a serious bug in the RSA

implementation for X86_64 CPUs supporting the AVX512IFMA instructions.

This issue makes the RSA implementation with 2048 bit private keys

incorrect on such machines and memory corruption will happen during

the computation. As a consequence of the memory corruption an attacker

may be able to trigger a remote code execution on the machine performing

the computation.

0:00 Intro

1:00 CVE-2022-2274

3:00 AVX512IFMA CISC

5:00 How the bug works

7:10 How can it be triggered

Resources

https://www.openssl.org/news/secadv/20220705.txt

https://github.com/openssl/openssl/issues/18625

https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/

https://eprint.iacr.org/2018/335

https://github.com/openssl/openssl/commit/4d8a88c134df634ba610ff8db1eb8478ac5fd345

https://linux.die.net/man/3/bn_internal

https://www.microfocus.com/documentation/enterprise-developer/ed60/ES-WIN/GUID-E3960B1E-C42E-4748-A5EB-6E12507C9CD7.html

https://www.microcontrollertips.com/risc-vs-cisc-architectures-one-better/

Fundamentals of Networking for Effective Backends udemy course (link redirects to udemy with coupon)

https://network.husseinnasser.com

...more
View all episodesView all episodes
Download on the App Store
The Backend Engineering Show with Hussein NasserBy Hussein Nasser
  • 4.9
  • 4.9
  • 4.9
  • 4.9
  • 4.9

4.9

40 ratings

More shows like The Backend Engineering Show with Hussein Nasser

View all
Freakonomics Radio by Freakonomics Radio + Stitcher

Freakonomics Radio

32,246 Listeners

Software Engineering Radio - the podcast for professional software developers by team@se-radio.net (SE-Radio Team)

Software Engineering Radio - the podcast for professional software developers

273 Listeners

Risky Business by Patrick Gray

Risky Business

373 Listeners

Science Vs by Spotify Studios

Science Vs

12,170 Listeners

Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

Syntax - Tasty Web Development Treats

987 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,110 Listeners

Practical AI by Practical AI LLC

Practical AI

209 Listeners

Within Reason by Alex J O'Connor

Within Reason

1,658 Listeners

All-In with Chamath, Jason, Sacks & Friedberg by All-In Podcast, LLC

All-In with Chamath, Jason, Sacks & Friedberg

10,230 Listeners

Dwarkesh Podcast by Dwarkesh Patel

Dwarkesh Podcast

548 Listeners

Big Technology Podcast by Alex Kantrowitz

Big Technology Podcast

513 Listeners

Hard Fork by The New York Times

Hard Fork

5,547 Listeners

The AI Daily Brief: Artificial Intelligence News and Analysis by Nathaniel Whittemore

The AI Daily Brief: Artificial Intelligence News and Analysis

657 Listeners

Prof G Markets by Vox Media Podcast Network

Prof G Markets

1,469 Listeners

The Pragmatic Engineer by Gergely Orosz

The Pragmatic Engineer

74 Listeners