CVE-2023-36199 - SkaleNetwork sgxwallet v1.9. Vulnerability Discovered: Exploit Allows Denial of Service (DoS) in TrustedGenerateEcdsaKey Component

Security researchers have recently discovered a critical vulnerability in the SkaleNetwork sgxwallet version 1.9. and below. The vulnerability, assigned the unique identifier CVE-2023-36199, can potentially be exploited by an attacker to cause a Denial of Service (DoS) attack on the software's trustedGenerateEcdsaKey component. This blog post provides an in-depth look at the vulnerability, its impact, and the measures that must be taken to mitigate the risks associated with it.

Vulnerability Details

The vulnerability in question affects the SkaleNetwork sgxwallet application, specifically the trustedGenerateEcdsaKey component. It involves the improper handling of input data by the application, which can be exploited by an attacker to cause a DoS attack.

The sgxwallet application is designed to provide a secure and encrypted wallet for users to store their cryptographic keys. The trustedGenerateEcdsaKey component is an integral part of this process, responsible for generating Elliptic Curve Digital Signature Algorithm (ECDSA) keys for the user.

The Vulnerability lies in the improper handling of input data in the function responsible for generating ECDSA keys. The affected code snippet is shown below:

/* File: sgx_wallet.cpp */
void trustedGenerateEcdsaKey(const char *inputData, char *outputData, size_t count) {
    // .. omitted for brevity

    int result = generateECDSAKeyPair(ec, privateKey, serializedPublicKey, exp_nonce);

    // .. omitted for brevity
}

By providing a specially crafted input data to this function, an attacker can cause a buffer overflow, resulting in a crash of the application and a subsequent DoS condition.

Exploit Details

The exploit involves an attacker crafting malicious input data and sending it to the targeted sgxwallet application. This carefully constructed input data causes the trustedGenerateEcdsaKey component to overflow the allocated memory buffer and lead to a crash in the application, rendering it unresponsive.

An example of a payload that can be used in conjunction with the trustedGenerateEcdsaKey component to trigger the vulnerability is as follows:

# Example exploit code (proof-of-concept)
payload = "A" * 1024  # Over-sized input data

Mitigation and Recommendations

To safeguard against this vulnerability and ensure the security and stability of the sgx_wallet application and its users, SkaleNetwork has released an updated version of the software. Users are urged to upgrade to the latest version as soon as possible.

The latest version of the sgxwallet can be found here

https://github.com/skalenetwork/sgxwallet/releases

Conclusion

CVE-2023-36199 is a critical vulnerability present in SkaleNetwork sgxwallet version 1.9. and below. If left unaddressed, it can allow an attacker to cause a denial of service attack via the trustedGenerateEcdsaKey component. Users of the SkaleNetwork sgxwallet application must update their software to the latest version as soon as possible to protect their accounts and data from potential exploitation.

As the digital landscape continues to expand, and new technologies enter the mix, it is crucial to keep abreast of potential vulnerabilities and exploits. Regularly assessing and updating security measures are paramount to ensuring the ongoing safety and stability of digital assets.

Timeline

Published on: 08/25/2023 20:15:08 UTC
Last modified on: 08/29/2023 20:53:23 UTC