Date: Fri, 02 May 2014 11:30:49 -0400 From: Marc Deslauriers <marc.deslauriers@...onical.com> To: oss-security@...ts.openwall.com Subject: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Hello, A null pointer dereference bug was discovered in so_ssl3_write(). An attacker could possibly use this to cause OpenSSL to crash, resulting in a denial of service. http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321 http://anoncvs.estpak.ee/cgi-bin/cgit/openbsd-src/commit/lib/libssl?id=e76e308f1fab2253ab5b4ef52a1865c5ffecdf21 http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/005_openssl.patch.sig Could a CVE please be assigned to this issue? Thanks, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ