We discuss the CVE-2022-2274 OpenSSL vulnerability.
The OpenSSL 3.0.4 release introduced a serious bug in the RSA
implementation for x86_64 CPUs supporting the AVX512IFMA instructions.
This issue makes the RSA implementation with 2048-bit private keys
incorrect on such machines, and memory corruption will happen during
the computation. As a consequence of the memory corruption, an attacker
may be able to trigger remote code execution on the machine performing
the computation.
0:00 Intro
1:00 CVE-2022-2274
3:00 AVX512IFMA CISC
5:00 How the bug works
7:10 How can it be triggered
Resources
https://www.openssl.org/news/secadv/20220705.txt
https://github.com/openssl/openssl/issues/18625
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
https://eprint.iacr.org/2018/335
https://github.com/openssl/openssl/commit/4d8a88c134df634ba610ff8db1eb8478ac5fd345
https://linux.die.net/man/3/bn_internal
https://www.microfocus.com/documentation/enterprise-developer/ed60/ES-WIN/GUID-E3960B1E-C42E-4748-A5EB-6E12507C9CD7.html
https://www.microcontrollertips.com/risc-vs-cisc-architectures-one-better/
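The summary above names two conditions that must both hold for a host to be exposed: OpenSSL 3.0.4 and a CPU with AVX512IFMA. The script below is an added example, not code from the episode or from OpenSSL, that checks both from `openssl version` output and `/proc/cpuinfo` text. The function names, result labels and sample inputs are constructed for illustration, and Linux on x86_64 is assumed.

```shell
#!/bin/sh
# Added example (not from the episode): classify exposure to CVE-2022-2274
# from `openssl version` output and /proc/cpuinfo text. Linux x86_64 assumed.
# Applications that bundle their own OpenSSL copy are not covered by this check.

# Version of the loaded library; OpenSSL 3.x prints "(Library: OpenSSL X ...)".
# Falls back to the second field when that suffix is absent.
openssl_library_version() {
    v=$(printf '%s\n' "$1" | sed -n 's/.*(Library: OpenSSL \([^ ]*\).*/\1/p' | head -n 1)
    [ -n "$v" ] || v=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }')
    printf '%s\n' "$v"
}

# Succeeds if a "flags" line of the cpuinfo text lists avx512ifma as a whole word.
cpu_has_avx512ifma() {
    printf '%s\n' "$1" | grep -E '^flags[[:space:]]*:' | grep -qw 'avx512ifma'
}

# Prints one of: affected | version-affected-cpu-not | not-affected
classify_cve_2022_2274() {
    if [ "$(openssl_library_version "$1")" != "3.0.4" ]; then
        echo "not-affected"
    elif cpu_has_avx512ifma "$2"; then
        echo "affected"
    else
        echo "version-affected-cpu-not"
    fi
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_VERSION='OpenSSL 3.0.4 21 Jun 2022 (Library: OpenSSL 3.0.4 21 Jun 2022)'
SAMPLE_CPUINFO='processor : 0
flags     : fpu sse2 avx2 avx512f avx512dq avx512ifma avx512vl'

echo "sample host: $(classify_cve_2022_2274 "$SAMPLE_VERSION" "$SAMPLE_CPUINFO")"

# Pass --host to check the machine the script runs on.
if [ "${1:-}" = "--host" ]; then
    echo "this host: $(classify_cve_2022_2274 "$(openssl version)" "$(cat /proc/cpuinfo)")"
fi
```

The library version is read in preference to the command-line tool's version because the two can differ on one machine, and the library is what performs the RSA computation.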