List: openbsd-bugs
Subject: Re: found vulnerability in OpenSSL/LibreSSL dtls code (DoS) - at least 1.0.1j/latest
From: Joel Sing <jsing () openbsd ! org>
Date: 2014-10-22 15:30:47
Message-ID: 201410230230.48453.jsing () openbsd ! org
On Wed, 22 Oct 2014, Markus Stenberg wrote:
> ssl/d1_pkt.c:680
>
> it assumes p is set.
>
> however, it is not always => hello, segmentation fault.
>
> To be more precise, for server (s->d1->listen is true) SSL3_RT_HANDSHAKE
> replays can cause a boom.
>
> (LibreSSL’s latest version is also vulnerable, line number 590)
>
> Cheers,
>
> -Markus
Fixed in d_pkt1.c r1.36 - thanks for the report!
--
"Stop assuming that systems are secure unless demonstrated insecure;
start assuming that systems are insecure unless designed securely."
- Bruce Schneier