Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 2 Jun 2009 11:02:33 +0200
From: Tomas Hoger <>
Subject: Re: Two OpenSSL DTLS remote DoS


There are 2 more issues that cause DTLS server to crash (NULL pointer
dereference DoS), detailed in upstream bug reports linked below.

DTLS: SegFault if ChangeCipherSpec is received before ClientHello

This was first fixed upstream in 0.9.8i.

DTLS fragment bug - out-of-sequence message handling

Here NULL pointer dereference resulting in DTLS server crash can happen in
dtls1_retrieve_buffered_fragment() during memcpy from frag->fragment.

This is fixed in 1.0.0-beta2, not yet in the latest 0.9.8 available at
the moment - 0.9.8k.

Both issues should be reproducible by connecting using 1.0.0-beta2
s_client to 0.9.8 s_server.

Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.