oss-security - CVE Request: OpenSSL NULL pointer dereference in do_ssl3

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <5363BA29.4000005@canonical.com>
Date: Fri, 02 May 2014 11:30:49 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write

Hello,

A null pointer dereference bug was discovered in so_ssl3_write(). An attacker
could possibly use this to cause OpenSSL to crash, resulting in a denial of service.

http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321

http://anoncvs.estpak.ee/cgi-bin/cgit/openbsd-src/commit/lib/libssl?id=e76e308f1fab2253ab5b4ef52a1865c5ffecdf21

http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/005_openssl.patch.sig

Could a CVE please be assigned to this issue?

Thanks,

Marc.

-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.