We discuss the CVE-2022-2274 OpenSSL vulnerability.
The OpenSSL 3.0.4 release introduced a serious bug in the RSA
implementation for x86_64 CPUs supporting the AVX512IFMA instructions.
This issue makes the RSA implementation with 2048-bit private keys
incorrect on such machines, and memory corruption will happen during
the computation. As a consequence of the memory corruption, an attacker
may be able to trigger remote code execution on the machine performing
the computation.
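The two conditions above (an OpenSSL 3.0.4 library and a CPU with AVX512IFMA) can be checked per host. The script below is an added example, not code from the episode or from the OpenSSL project; it assumes Linux with `/proc/cpuinfo`, the function names are illustrative, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: exposure check for CVE-2022-2274 (Linux, x86_64).
# Function names are illustrative, not part of OpenSSL.

# True when `openssl version` output reports a 3.0.4 library.
# OpenSSL 3.x prints "(Library: OpenSSL x.y.z ...)"; prefer that field,
# since the CLI binary and the loaded libcrypto can differ.
is_affected_version() {
    case "$1" in
        *"(Library: OpenSSL 3.0.4 "*) return 0 ;;
        *"(Library: "*)               return 1 ;;
        "OpenSSL 3.0.4 "*)            return 0 ;;
        *)                            return 1 ;;
    esac
}

# True when the first "flags" line of /proc/cpuinfo text lists avx512ifma.
# Tokens are split one per line so the match is exact, not a substring.
has_avx512ifma() {
    printf '%s\n' "$1" | grep '^flags' | head -n 1 |
        tr ' \t' '\n\n' | grep -qx 'avx512ifma'
}

# assess <openssl version output> <cpuinfo text>
assess() {
    if ! is_affected_version "$1"; then
        echo "not-affected-version"
    elif has_avx512ifma "$2"; then
        echo "exposed"                   # 3.0.4 library on an AVX512IFMA CPU
    else
        echo "affected-version-no-ifma"  # 3.0.4 library, CPU lacks the instructions
    fi
}

# Constructed sample inputs (not captured from real hosts).
SAMPLE_304='OpenSSL 3.0.4 21 Jun 2022 (Library: OpenSSL 3.0.4 21 Jun 2022)'
SAMPLE_IFMA=$(printf 'flags\t\t: fpu sse2 avx2 avx512f avx512ifma sha_ni')
SAMPLE_NOIFMA=$(printf 'flags\t\t: fpu sse2 avx2 avx512f sha_ni')
echo "sample: $(assess "$SAMPLE_304" "$SAMPLE_IFMA")"

# Live check, only when both data sources exist on this machine.
if [ -r /proc/cpuinfo ] && command -v openssl >/dev/null 2>&1; then
    echo "this host: $(assess "$(openssl version)" "$(cat /proc/cpuinfo)")"
fi
```

`openssl version` only reports the copy on the PATH; applications that bundle or statically link OpenSSL need to be inventoried separately.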
0:00 Intro
1:00 CVE-2022-2274
3:00 AVX512IFMA CISC
5:00 How the bug works
7:10 How can it be triggered
Resources
https://www.openssl.org/news/secadv/20220705.txt
https://github.com/openssl/openssl/issues/18625
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
https://eprint.iacr.org/2018/335
https://github.com/openssl/openssl/commit/4d8a88c134df634ba610ff8db1eb8478ac5fd345
https://linux.die.net/man/3/bn_internal
https://www.microfocus.com/documentation/enterprise-developer/ed60/ES-WIN/GUID-E3960B1E-C42E-4748-A5EB-6E12507C9CD7.html
https://www.microcontrollertips.com/risc-vs-cisc-architectures-one-better/