oss-sec mailing list archives
Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 02 May 2014 12:17:57 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/02/2014 09:30 AM, Marc Deslauriers wrote:
Hello, A null pointer dereference bug was discovered in so_ssl3_write(). An attacker could possibly use this to cause OpenSSL to crash, resulting in a denial of service. http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321 http://anoncvs.estpak.ee/cgi-bin/cgit/openbsd-src/commit/lib/libssl?id=e76e308f1fab2253ab5b4ef52a1865c5ffecdf21 http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/005_openssl.patch.sig Could a CVE please be assigned to this issue? Thanks, Marc.
I think getting this one a CVE is time critical. Mitre: sorry if this causes a duplicate, but I'm assigning a CVE now. Please use CVE-2014-0198 for this issue. Also cc'ing Theo so OpenBSD gets notified for sure. Speaking of which Theo: should we get you or an OpenBSD deputy (Bob Beck?) onto distros@? - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTY+FVAAoJEBYNRVNeJnmThQcP/jNvrL/2u5TMKRZjWMnLbHy3 4jjvpK62mS23fv0qa8XngyywejggN2/UieaU+f1htUfK4M5iFw0et5K1nhh30uGa 65efRf68z1IKFayibpEAwAq9yzNQOF2p3MaV4FTmz6yzuJSRAnc6WHm7jkM1vQgj LJz4z4eAcWcxzDnmEBVhYtLPw8DVw4JktN2rUOpflNLYCQsdOmSgCh3pZ1zpGDM7 LKRqxwNtRMm9fN+kqz/dZg2PsCWX92Y5x8VBGb6r7usSAOywZwtFzw/gWSwWyVwb aknz8z9He44TItotQaU43XoDGpRFkQXJ4SFtOS4h+63TzoSDxO0aLcT6m3WjWnEI y5rOrrFmtChlXl6wSPqxIshSLSwYPabfPr1HqsY2ZKmlob4y85dSx8bc3Dz+Q9H7 4gN8IInZmQLpPgtXOIbtTw7R9ZvxusaQJz4aQzRrY/367n3G9c4WG2Bjc8q4vWVb ELJd8qKqZTPOi7XsoVlWMMa9SmOFGbdJas1bLP0tCPPzZ64Y3ep2t/R5TmSFNscG m9+KJZoYtxEYVCsmxvJNKA31z36fyBYhVPJrgU6cNGcjw4rOh7eYwDI6ZFXucxgN 1qNs/ERhqxO+IL8EVw0tIpxSo3UE3ZCaNEK6fr+jA27y1ylzq/fN43tJZtWLLBRw 1RcW6jerNvSwr1Nq1BJe =+cMX -----END PGP SIGNATURE-----
Current thread:
- CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Marc Deslauriers (May 02)
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Kurt Seifried (May 02)
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write cve-assign (May 06)
- Re: Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Kurt Seifried (May 08)
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write cve-assign (May 06)
- <Possible follow-ups>
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Theo de Raadt (May 02)
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Leon Weber (Jun 05)
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Kurt Seifried (May 02)