oss-sec mailing list archives
CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write
From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Fri, 02 May 2014 11:30:49 -0400
Hello, A null pointer dereference bug was discovered in so_ssl3_write(). An attacker could possibly use this to cause OpenSSL to crash, resulting in a denial of service. http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321 http://anoncvs.estpak.ee/cgi-bin/cgit/openbsd-src/commit/lib/libssl?id=e76e308f1fab2253ab5b4ef52a1865c5ffecdf21 http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/005_openssl.patch.sig Could a CVE please be assigned to this issue? Thanks, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/
Current thread:
- CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Marc Deslauriers (May 02)
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Kurt Seifried (May 02)
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write cve-assign (May 06)
- Re: Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Kurt Seifried (May 08)
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write cve-assign (May 06)
- <Possible follow-ups>
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Theo de Raadt (May 02)
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Leon Weber (Jun 05)
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Kurt Seifried (May 02)