Date: Tue, 14 Jul 2015 09:48:17 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: AWS s2n

On 07/14/2015 09:08 AM, Markus Vervier wrote:
>
> Hi,
>
> I would like to request a CVE for s2n.
>
> When a server is sending invalid DH values during a handshake a BIGNUM
> value is not properly initialized. This causes a null pointer
> dereference in a s2n based client leading to a crash or possibly worse
> on old systems (e.g. on Debian kernels lower than 2.6.26).
>
> Technical details and a patch are available here:
>
> https://github.com/awslabs/s2n/pull/124
>
> The fix was merged and is in commit
> 9af6ba1815dfd5c00361cc3bd45cee1d64e0c3bf.
>
> Markus

I just looked at the pull:

Markus Vervier noticed that our client side code isn't being defensive
enough around DHE parameters and can pass on a "0" as the value of dh->p.
Note: not that the BIGNUM is NULL, but that the value of the number is a
literal zero.

[snip]

Reminder: Client mode is disabled and won't be enabled until X509
validation is ready. But we can still make improvements and fixes in the
meantime.

so I'm not sure this needs a CVE as the code is not yet enabled.

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@...hat.com
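The kind of defensive check on server DHE parameters discussed in this message, as an added example that is not s2n's code and not the patch from the pull request: it parses the `p`, `g` and `Ys` fields of a TLS ServerDHParams structure and rejects a literal zero `p` (among other malformed values) before any arithmetic would use it. The function names, return codes and sample bytes are assumptions made for illustration, and a minimum size policy for `p` is out of scope here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One big-endian integer as carried in TLS ServerDHParams (p, g or Ys). */
struct be_int { const uint8_t *d; size_t n; };

/* Read a uint16 length-prefixed field, then strip leading zero bytes. */
static int read_field(const uint8_t **cur, size_t *left, struct be_int *out)
{
    if (*left < 2) return -1;
    size_t n = ((size_t)(*cur)[0] << 8) | (*cur)[1];
    *cur += 2; *left -= 2;
    if (n == 0 || n > *left) return -1;
    out->d = *cur; out->n = n;
    *cur += n; *left -= n;
    while (out->n > 0 && out->d[0] == 0) { out->d++; out->n--; }
    return 0; /* out->n == 0 now means the value is a literal zero */
}

/* Numeric compare of two stripped values: negative, zero or positive. */
static int be_cmp(const struct be_int *a, const struct be_int *b)
{
    if (a->n != b->n) return a->n < b->n ? -1 : 1;
    return a->n ? memcmp(a->d, b->d, a->n) : 0;
}

/* 0 if the parameters pass basic sanity checks, negative otherwise.
   Bytes after Ys (the signature) are ignored here. */
int check_server_dh_params(const uint8_t *msg, size_t len)
{
    static const uint8_t one_byte[] = { 1 };
    const struct be_int one = { one_byte, 1 };
    struct be_int p, g, ys;

    if (read_field(&msg, &len, &p) || read_field(&msg, &len, &g) ||
        read_field(&msg, &len, &ys))
        return -1;                          /* truncated or empty field */
    if (p.n == 0) return -2;                /* p == 0, the reported case */
    if ((p.d[p.n - 1] & 1) == 0) return -3; /* even p is not a usable prime */
    if (be_cmp(&g, &one) <= 0 || be_cmp(&g, &p) >= 0) return -4;   /* 1 < g < p */
    if (be_cmp(&ys, &one) <= 0 || be_cmp(&ys, &p) >= 0) return -5; /* 1 < Ys < p */
    return 0;
}

/* Constructed sample messages, not captured traffic. */
const uint8_t sample_ok[]     = { 0, 1, 23, 0, 1, 5, 0, 1, 8 };    /* p=23 g=5 Ys=8 */
const uint8_t sample_zero_p[] = { 0, 2, 0, 0, 0, 1, 5, 0, 1, 8 };  /* p=0 */
```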