oss-sec mailing list archives

Re: CVE request: Erlang POODLE TLS vulnerability

From: cve-assign () mitre org
Date: Fri, 27 Mar 2015 13:24:17 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

From the release notes of Erlang 18.0-rc1:
http://www.erlang.org/news/85
"ssl: ... added padding check for
TLS-1.0 due to the Poodle vulnerability."

This indicates that Erlang was vulnerable to the TLS-variant of the
poodle vulnerability due to missing padding checks

this clearly is an implementation error and thus should be considered a
vuln.


Use CVE-2015-2774.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVFZGTAAoJEKllVAevmvmsrb8H/jlkxOnhkQ0hIZ/XURZYf31O
i2LIOF4W5YkEmuI8W1EI9s+3UDf0gbJ4tQ54djwG0BF9I48T1jrl+MxWcco0nK8Q
p2jDrqj28gjlPnxoOslUoTSMZqvHrl591OCRpkLn+1ggK8wL75gpEhEscGrux64u
GaAjg5fklTUqf9aGWwYADk2bRZS6lOVwHHErHn8bvXsiST3vvhqIL03xNJBIl4MH
2/Km1nigVtBEthhhkXAtAl5Vds7BKxUUJOdNAvqPIu7s17b3bG464txNGrpdk7I+
+ImUdaTHg+XS/9MrqhF8GylUMgtBeYuibp3xBqOZEEZzfzHtfJg8zFKmrjJE3g8=
=mfFG
-----END PGP SIGNATURE-----

Current thread:

CVE request: Erlang POODLE TLS vulnerability Hanno Böck (Mar 27)
- Re: CVE request: Erlang POODLE TLS vulnerability cve-assign (Mar 27)