Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 02 May 2014 11:30:49 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write

Hello,

A null pointer dereference bug was discovered in so_ssl3_write(). An attacker
could possibly use this to cause OpenSSL to crash, resulting in a denial of service.

http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321

http://anoncvs.estpak.ee/cgi-bin/cgit/openbsd-src/commit/lib/libssl?id=e76e308f1fab2253ab5b4ef52a1865c5ffecdf21

http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/005_openssl.patch.sig

Could a CVE please be assigned to this issue?

Thanks,

Marc.

-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ