Date: Fri, 18 Apr 2014 01:35:45 -0400 (EDT)
From: cve-assign@...re.org
To: geissert@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE ids for CyaSSL 2.9.4?

> http://www.yassl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html

> Issue #1 (Memory Corruption)
> lack a buffer length check in DoAlert()

Use CVE-2014-2896.

> Issue #2 (Out of bounds read)
> Affected Versions: CyaSSL 2.5.0 - CyaSSL 2.9.0
> does not check the padding length for a verify failure

Use CVE-2014-2897.

> Issue #3 (Dangerous Default Behavior, out of bounds read)
> Affected Versions: CyaSSL 2.9.0 and previous versions
> Vulnerability Type: Unchecked Error Condition (CWE-391)
> A user who repeatedly calls CyaSSL_read() without checking the return
> code can cause an out-of-bound memory access

Use CVE-2014-2898.

> Issue #4 (NULL pointer dereference)
> requesting the peer certificate in a certificate parsing failure
>
> if an SSL client receives a client_key_exchange message ... if the
> client does not have the peer's ephemeral key.

Use CVE-2014-2899.

> Issue #5 (Unknown Critical Certificate Extension Allowed)
> CyaSSL previously accepted certificates with unknown critical extensions

Use CVE-2014-2900.

> https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf
> TABLE V: Semantic discrepancies in certificate validation (incorrect
> answers in bold)

[Note that these last four CVE IDs are not for issues fixed in 2.9.4.]

> Intermediate CA not authorized to issue certificates for server's
> hostname

Use CVE-2014-2901.

> CA certificate not authorized for signing other certificates

Use CVE-2014-2902.

> Server certificate not authorized for use in SSL/TLS handshake

Use CVE-2014-2903.

> Server certificate not authorized for server authentication

Use CVE-2014-2904.

("Intermediate CA not authorized to issue further intermediate CA
certificates, but followed in the chain by an intermediate CA
certificate ... followed by a leaf CA certificate," also found in
TABLE V, is not a vulnerability. This is a violation of the X.509
specification that causes valid data to be rejected.)

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]