Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 18 Apr 2014 01:35:45 -0400 (EDT)
Subject: Re: CVE ids for CyaSSL 2.9.4?

Hash: SHA1


> Issue #1 (Memory Corruption)
> lack a buffer length check in DoAlert()

Use CVE-2014-2896.

> Issue #2 (Out of bounds read)
> Affected Versions:  CyaSSL 2.5.0 - CyaSSL 2.9.0
> does not check the padding length for a verify failure

Use CVE-2014-2897.

> Issue #3 (Dangerous Default Behavior, out of bounds read)
> Affected Versions:  CyaSSL 2.9.0 and previous versions
> Vulnerability Type:  Unchecked Error Condition (CWE-391)
> A user who repeatedly calls CyaSSL_read() without checking the return
> code can cause an out-of-bound memory access

Use CVE-2014-2898.

> Issue #4 (NULL pointer dereference)
> requesting the peer certificate in a certificate parsing failure
> if an SSL client receives a client_key_exchange message ... if the
> client does not have the peer's ephemeral key.

Use CVE-2014-2899.

> Issue #5 (Unknown Critical Certificate Extension Allowed)
> CyaSSL previously accepted certificates with unknown critical extensions

Use CVE-2014-2900.

> TABLE V: Semantic discrepancies in certificate validation (incorrect
> answers in bold)

[Note that these last four CVE IDs are not for issues fixed in

> Intermediate CA not authorized to issue certificates for server's
> hostname

Use CVE-2014-2901.

> CA certificate not authorized for signing other certificates

Use CVE-2014-2902.

> Server certificate not authorized for use in SSL/TLS handshake

Use CVE-2014-2903.

> Server certificate not authorized for server authentication

Use CVE-2014-2904.

("Intermediate CA not authorized to issue further intermediate CA
certificates, but followed in the chain by an intermediate CA
certificate ... followed by a leaf CA certificate," also found in
TABLE V, is not a vulnerability. This is a violation of the X.509
specification that causes valid data to be rejected.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through ]
Version: GnuPG v1.4.14 (SunOS)


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.