oss-sec mailing list archives
Re: CVE ids for CyaSSL 2.9.4?
From: cve-assign () mitre org
Date: Fri, 18 Apr 2014 01:35:45 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
http://www.yassl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html
Issue #1 (Memory Corruption) lack a buffer length check in DoAlert()
Use CVE-2014-2896.
Issue #2 (Out of bounds read) Affected Versions: CyaSSL 2.5.0 - CyaSSL 2.9.0 does not check the padding length for a verify failure
Use CVE-2014-2897.
Issue #3 (Dangerous Default Behavior, out of bounds read) Affected Versions: CyaSSL 2.9.0 and previous versions Vulnerability Type: Unchecked Error Condition (CWE-391) A user who repeatedly calls CyaSSL_read() without checking the return code can cause an out-of-bound memory access
Use CVE-2014-2898.
Issue #4 (NULL pointer dereference) requesting the peer certificate in a certificate parsing failure if an SSL client receives a client_key_exchange message ... if the client does not have the peer's ephemeral key.
Use CVE-2014-2899.
Issue #5 (Unknown Critical Certificate Extension Allowed) CyaSSL previously accepted certificates with unknown critical extensions
Use CVE-2014-2900.
https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf TABLE V: Semantic discrepancies in certificate validation (incorrect answers in bold)
[Note that these last four CVE IDs are not for issues fixed in 2.9.4.]
Intermediate CA not authorized to issue certificates for server's hostname
Use CVE-2014-2901.
CA certificate not authorized for signing other certificates
Use CVE-2014-2902.
Server certificate not authorized for use in SSL/TLS handshake
Use CVE-2014-2903.
Server certificate not authorized for server authentication
Use CVE-2014-2904. ("Intermediate CA not authorized to issue further intermediate CA certificates, but followed in the chain by an intermediate CA certificate ... followed by a leaf CA certificate," also found in TABLE V, is not a vulnerability. This is a violation of the X.509 specification that causes valid data to be rejected.) - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTULb8AAoJEKllVAevmvmsbMUIAJi7S8lW3pY3QBlgEwVVtU5u bPZ3Yyl2kkV43o8K4NpD5r8eZ9FfM8sJQhbjAMlrjLdHBbTHIAxSewNbrDY0T+gt fLAB6SPb7jcXQgRfSQ5GNiVdRrp5nCQt5YN/yvo6XVxR13yBM4WniUDBSgRBpR6j tw1GDUyjNBJOmlQ6DKNou8+T8wx4XWRIheuL1PjFSXuFOHEDNuPvDO90S/THU9xW Ysv2uV+rWPICxS7E/wsUBPaWKi7mkcu2kCesMMBcx86L8YdArcvl9K471xXSfgnj Wyi+VcD/67NRAH31pNqGVJ5AN4CM3ElB3delQDI/AdWT9KgYC5a4nS9YTbLMFGw= =SHEL -----END PGP SIGNATURE-----
Current thread:
- CVE ids for CyaSSL 2.9.4? Raphael Geissert (Apr 17)
- Re: CVE ids for CyaSSL 2.9.4? Todd A Ouska (Apr 17)
- Re: CVE ids for CyaSSL 2.9.4? cve-assign (Apr 17)