[go: up one dir, main page]
|
|
Log in / Subscribe / Register

Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write

[Posted June 11, 2014 by jake]

From:  Kurt Seifried <kseifried-H+wXaHxf7aLQT0dZR+AlfA-AT-public.gmane.org>
To:  oss-security-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8-AT-public.gmane.org, Assign a CVE Identifier <cve-assign-AZamIotjMK3YtjvyW6yDsg-AT-public.gmane.org>, theo-VON6Tr2NNtkmbxgs1yVkuA-AT-public.gmane.org
Subject:  Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write
Date:  Fri, 02 May 2014 12:17:57 -0600
Message-ID:  <5363E155.7020906@redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/02/2014 09:30 AM, Marc Deslauriers wrote:
> Hello,
> 
> A null pointer dereference bug was discovered in so_ssl3_write().
> An attacker could possibly use this to cause OpenSSL to crash,
> resulting in a denial of service.
> 
> http://rt.openssl.org/Ticket/Display.html?user=guest&...
>
>  
>
http://anoncvs.estpak.ee/cgi-bin/cgit/openbsd-src/commit/...
>
>  
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/005...
>
>  Could a CVE please be assigned to this issue?
> 
> Thanks,
> 
> Marc.
> 

I think getting this one a CVE is time critical. Mitre: sorry if this
causes a duplicate, but I'm assigning a CVE now. Please use
CVE-2014-0198 for this issue. Also cc'ing Theo so OpenBSD gets
notified for sure. Speaking of which Theo: should we get you or an
OpenBSD deputy (Bob Beck?) onto distros@?

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTY+FVAAoJEBYNRVNeJnmThQcP/jNvrL/2u5TMKRZjWMnLbHy3
4jjvpK62mS23fv0qa8XngyywejggN2/UieaU+f1htUfK4M5iFw0et5K1nhh30uGa
65efRf68z1IKFayibpEAwAq9yzNQOF2p3MaV4FTmz6yzuJSRAnc6WHm7jkM1vQgj
LJz4z4eAcWcxzDnmEBVhYtLPw8DVw4JktN2rUOpflNLYCQsdOmSgCh3pZ1zpGDM7
LKRqxwNtRMm9fN+kqz/dZg2PsCWX92Y5x8VBGb6r7usSAOywZwtFzw/gWSwWyVwb
aknz8z9He44TItotQaU43XoDGpRFkQXJ4SFtOS4h+63TzoSDxO0aLcT6m3WjWnEI
y5rOrrFmtChlXl6wSPqxIshSLSwYPabfPr1HqsY2ZKmlob4y85dSx8bc3Dz+Q9H7
4gN8IInZmQLpPgtXOIbtTw7R9ZvxusaQJz4aQzRrY/367n3G9c4WG2Bjc8q4vWVb
ELJd8qKqZTPOi7XsoVlWMMa9SmOFGbdJas1bLP0tCPPzZ64Y3ep2t/R5TmSFNscG
m9+KJZoYtxEYVCsmxvJNKA31z36fyBYhVPJrgU6cNGcjw4rOh7eYwDI6ZFXucxgN
1qNs/ERhqxO+IL8EVw0tIpxSo3UE3ZCaNEK6fr+jA27y1ylzq/fN43tJZtWLLBRw
1RcW6jerNvSwr1Nq1BJe
=+cMX
-----END PGP SIGNATURE-----

to post comments


Copyright © 2014, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds