Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/02/2014 09:30 AM, Marc Deslauriers wrote:
> Hello,
>
> A null pointer dereference bug was discovered in so_ssl3_write().
> An attacker could possibly use this to cause OpenSSL to crash,
> resulting in a denial of service.
>
> http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321
>
>  
> http://anoncvs.estpak.ee/cgi-bin/cgit/openbsd-src/commit/lib/libssl?id=e76e308f1fab2253ab5b4ef52a1865c5ffecdf21
>
>  
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/005_openssl.patch.sig
>
>  Could a CVE please be assigned to this issue?
>
> Thanks,
>
> Marc.

I think getting this one a CVE is time critical. Mitre: sorry if this
causes a duplicate, but I'm assigning a CVE now. Please use
CVE-2014-0198 for this issue. Also cc'ing Theo so OpenBSD gets
notified for sure. Speaking of which Theo: should we get you or an
OpenBSD deputy (Bob Beck?) onto distros@?

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTY+FVAAoJEBYNRVNeJnmThQcP/jNvrL/2u5TMKRZjWMnLbHy3
4jjvpK62mS23fv0qa8XngyywejggN2/UieaU+f1htUfK4M5iFw0et5K1nhh30uGa
65efRf68z1IKFayibpEAwAq9yzNQOF2p3MaV4FTmz6yzuJSRAnc6WHm7jkM1vQgj
LJz4z4eAcWcxzDnmEBVhYtLPw8DVw4JktN2rUOpflNLYCQsdOmSgCh3pZ1zpGDM7
LKRqxwNtRMm9fN+kqz/dZg2PsCWX92Y5x8VBGb6r7usSAOywZwtFzw/gWSwWyVwb
aknz8z9He44TItotQaU43XoDGpRFkQXJ4SFtOS4h+63TzoSDxO0aLcT6m3WjWnEI
y5rOrrFmtChlXl6wSPqxIshSLSwYPabfPr1HqsY2ZKmlob4y85dSx8bc3Dz+Q9H7
4gN8IInZmQLpPgtXOIbtTw7R9ZvxusaQJz4aQzRrY/367n3G9c4WG2Bjc8q4vWVb
ELJd8qKqZTPOi7XsoVlWMMa9SmOFGbdJas1bLP0tCPPzZ64Y3ep2t/R5TmSFNscG
m9+KJZoYtxEYVCsmxvJNKA31z36fyBYhVPJrgU6cNGcjw4rOh7eYwDI6ZFXucxgN
1qNs/ERhqxO+IL8EVw0tIpxSo3UE3ZCaNEK6fr+jA27y1ylzq/fN43tJZtWLLBRw
1RcW6jerNvSwr1Nq1BJe
=+cMX
-----END PGP SIGNATURE-----