We discuss the CVE-2022-2274 OpenSSL Vulnerability.
The OpenSSL 3.0.4 release introduced a serious bug in the RSA
implementation for x86_64 CPUs supporting the AVX512IFMA instructions.
This issue makes the RSA implementation with 2048-bit private keys
incorrect on such machines, and memory corruption will happen during
the computation. As a consequence of the memory corruption, an attacker
may be able to trigger a remote code execution on the machine performing
the computation.
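
The exposure conditions described above, turned into a host check. This is an added example, not code from the episode or from the OpenSSL project; the function names and status strings are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical function names): flags a host that meets the
# conditions described above: OpenSSL 3.0.4 on x86_64 with AVX512IFMA.

# Print the libcrypto version from `openssl version` output. When the CLI and
# the loaded library differ, the "(Library: ...)" part is the one that counts.
openssl_lib_version() {
    out=$1
    case $out in
        *"(Library: OpenSSL "*) rest=${out#*"(Library: OpenSSL "} ;;
        "OpenSSL "*)            rest=${out#"OpenSSL "} ;;
        *)                      return 1 ;;
    esac
    printf '%s\n' "${rest%% *}"
}

# Succeed when /proc/cpuinfo text lists avx512ifma as a whole flag word.
has_avx512ifma() {
    printf '%s\n' "$1" |
        grep -Eq '^flags[[:space:]]*:.*[[:space:]]avx512ifma([[:space:]]|$)'
}

# Args: machine arch, `openssl version` output, /proc/cpuinfo contents.
cve_2022_2274_status() {
    arch=$1; version_output=$2; cpuinfo=$3
    ver=$(openssl_lib_version "$version_output") || { echo unknown; return 0; }
    [ "$ver" = "3.0.4" ] || { echo not-affected-version; return 0; }
    [ "$arch" = "x86_64" ] || { echo not-affected-arch; return 0; }
    if has_avx512ifma "$cpuinfo"; then echo exposed; else echo not-affected-cpu; fi
}

# Live check for a Linux host. Covers only the libcrypto that the `openssl`
# CLI loads; applications bundling their own copy need a separate look.
check_this_host() {
    cve_2022_2274_status "$(uname -m)" "$(openssl version 2>/dev/null)" \
        "$(cat /proc/cpuinfo 2>/dev/null)"
}
```

Source the file and run `check_this_host` on the machine in question; the other functions take their inputs as arguments so that saved `openssl version` and `/proc/cpuinfo` output from a fleet can be evaluated offline.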
0:00 Intro
1:00 CVE-2022-2274
3:00 AVX512IFMA CISC
5:00 How the bug works
7:10 How can it be triggered
Resources
https://www.openssl.org/news/secadv/20220705.txt
https://github.com/openssl/openssl/issues/18625
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
https://eprint.iacr.org/2018/335
https://github.com/openssl/openssl/commit/4d8a88c134df634ba610ff8db1eb8478ac5fd345
https://linux.die.net/man/3/bn_internal
https://www.microfocus.com/documentation/enterprise-developer/ed60/ES-WIN/GUID-E3960B1E-C42E-4748-A5EB-6E12507C9CD7.html
https://www.microcontrollertips.com/risc-vs-cisc-architectures-one-better/