Closed
Description
What's happening?
Observed that an obsolete OpenSSL library is used in the Android and iOS applications.
OpenSSL version 3.3.2 was found in the Android application and OpenSSL version 3.3.3 in the iOS application. These versions are vulnerable to the CVE IDs below.
CVE ID
CVE-2024-6119: Invalid memory read in X.509 otherName comparison → potential crash (DoS)
CVE-2024-9143: Out-of-bounds memory access in EC parameter validation
CVE-2024-5535: Buffer over-read in SSL_select_next_proto() → crash/info disclosure
CVE-2024-13176: Timing side-channel in ECDSA signature handling
CVE-2024-12797: Raw Public Key (RPK) authentication flaw → possible MITM in some handshakes
Reproducible Code
Attack Scenario
MITM position & reconnaissance: Attacker intercepts TLS traffic and observes the client’s handshake behavior (ALPN, accepted cipher suites, whether RPK is ever used, ECDSA signature usage).
Trigger name-check crash / instability (CVE-2024-6119) Attacker presents a crafted certificate with malicious SAN/otherName that causes out-of-bounds memory read during name checking — forcing crashes or unstable behavior (DoS), disrupting monitoring and pushing the client into failover behavior that may reveal alternative endpoints or less secure fallbacks.
Exploit ALPN buffer over-read (CVE-2024-5535) While MITM, attacker sends specially crafted ALPN/next-protocol data to cause SSL_select_next_proto() to over-read memory; this can leak small memory fragments from the client process (possible disclosure of heap/stack contents, including session tokens/cookies) and/or crash the client.
Deliver malicious EC parameters (CVE-2024-9143) where accepted. If the client or application API accepts explicit GF(2^m) EC parameters (rare but possible in some protocols/APIs), the attacker supplies malformed parameters to trigger out-of-bounds access and memory corruption — potentially enabling more serious corruption or even remote code execution in the worst case.
Leverage RPK auth logic bug (CVE-2024-12797) if RPKs are used. If the app uses RFC7250 Raw Public Keys, present crafted handshake messages that exploit the verification logic, so the client accepts the attacker’s server as authenticated — achieving transparent MITM with no certificate checks.
Side-channel key extraction (CVE-2024-13176) as a longer-term attack. If attacker can repeatedly cause the client to perform ECDSA signatures and obtain high-precision timing measurements (local access, co-located attacker, or very low-latency remote timing), accumulate timing traces to recover private key bits over many operations (key compromise).
Relevant log output
Remediation Recommendation
Highly recommend updating OpenSSL to the latest available version.
Device
Android and iOS
QuickCrypto Version
0.7.17
Can you reproduce this issue in the QuickCrypto Example app?
I didn't try (
Additional information
- I am using Expo
- I have read the Troubleshooting Guide
- I agree to follow this project's Code of Conduct
- I searched for similar issues in this repository and found none.
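The report above identifies the library version from the shipped binaries. To make that check repeatable in a build pipeline, the following script (an added example, not code from this issue or from the QuickCrypto project) scans the native libraries inside an APK or IPA (both are zip archives) for the version banner that OpenSSL embeds in libcrypto/libssl and flags any version below an assumed minimum. The minimum version constant and the sample archive are constructed for the example; set the minimum from the current OpenSSL security advisories rather than from the placeholder here.

```python
import io
import re
import zipfile

# OpenSSL embeds a banner such as "OpenSSL 3.3.2 3 Sep 2024" in libcrypto/libssl.
# Only the numeric version is captured.
OPENSSL_BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)")

# Assumed policy value: the lowest OpenSSL version the build is allowed to ship.
# 3.5.0 is an example placeholder; take the real value from OpenSSL's advisories.
REQUIRED_MIN = (3, 5, 0)


def find_openssl_versions(blob):
    """Return the distinct OpenSSL versions whose banner appears in a binary blob,
    as sorted (major, minor, patch) tuples."""
    found = {tuple(int(x) for x in m.groups()) for m in OPENSSL_BANNER.finditer(blob)}
    return sorted(found)


def version_str(v):
    return ".".join(str(x) for x in v)


def scan_archive(archive_bytes, minimum=REQUIRED_MIN):
    """Scan every native library in an APK/IPA and report each member that embeds
    an OpenSSL banner. Returns a list of (member_name, version, is_outdated)."""
    report = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Native code lives under lib/ in an APK and under Frameworks/ in an IPA.
            if not (name.endswith(".so") or "/Frameworks/" in name):
                continue
            data = zf.read(info)
            for v in find_openssl_versions(data):
                report.append((name, version_str(v), v < minimum))
    return report


def build_sample_archive():
    """Constructed sample input: a tiny zip standing in for an APK, containing a
    fake libcrypto.so with a version banner (not a real library)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/arm64-v8a/libcrypto.so",
                    b"\x7fELF....OpenSSL 3.3.2 3 Sep 2024\x00....")
        zf.writestr("lib/arm64-v8a/libother.so", b"\x7fELF....no banner here\x00")
        zf.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for name, ver, outdated in scan_archive(build_sample_archive()):
        status = "OUTDATED" if outdated else "ok"
        print(f"{name}: OpenSSL {ver} [{status}]")
```

For a real build, read the APK or IPA from disk with `open(path, "rb").read()` and fail the pipeline when any entry is reported as outdated; a library that links OpenSSL statically will also carry the banner, so the scan covers that case without needing to know which dependency pulled it in.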