Bug 1369504 (CVE-2016-2179)

Summary: CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: apmukher, bbaranow, bmaxwell, cdewolf, chazlett, csutherl, dandread, darran.lofthouse, dimitris, dosoudil, erik-fedora, fgavrilo, gzaronik, jaeshin, jawilson, jclere, jondruse, jshepherd, ktietz, lgao, marcandre.lureau, mbabacek, mturk, myarboro, pgier, pjurak, ppalaga, psakar, pslavice, redhat-bugzilla, rjones, rnetuka, rstancel, rsvoboda, sardella, slawomir, tmraz, twalsh, vtunka, weli, yozone
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: openssl 1.0.1u, openssl 1.0.2i Doc Type: If docs needed, set a value
Doc Text:
It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 02:57:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1369505, 1369506, 1369507, 1377623, 1377624, 1377625, 1377626, 1381811, 1381812    
Bug Blocks: 1367347    

Description Adam Mariš 2016-08-23 15:11:29 UTC
It was found that current mechanism of queuing the future messages, i.e. messages having greater sequence numbers that are to be processed later, is prone to DoS attack by memory exhaustion, when attacker can fill up the queue with lots of large messages that are never going to be used. Only up to 10 messages in the future can be buffered and queue gets cleared when the connection is closed, thus attacker can exploit this only with opening many simultaneous connections.

Upstream patch:


Comment 1 Adam Mariš 2016-08-23 15:12:15 UTC
Created openssl101e tracking bugs for this issue:

Affects: epel-5 [bug 1369507]

Comment 2 Adam Mariš 2016-08-23 15:12:27 UTC
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1369505]

Comment 3 Adam Mariš 2016-08-23 15:12:38 UTC
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1369506]

Comment 4 Adam Mariš 2016-08-23 15:14:53 UTC
Another related flaw, with no CVE though:


Comment 6 Tomas Hoger 2016-09-22 12:05:40 UTC
Covered now by OpenSSL upstream security advisory and fixed in versions 1.0.1u and 1.0.2i.

DTLS buffered message DoS (CVE-2016-2179)

Severity: Low

In a DTLS connection where handshake messages are delivered out-of-order those
messages that OpenSSL is not yet ready to process will be buffered for later
use. Under certain circumstances, a flaw in the logic means that those messages
do not get removed from the buffer even though the handshake has been completed.
An attacker could force up to approx. 15 messages to remain in the buffer when
they are no longer required. These messages will be cleared when the DTLS
connection is closed. The default maximum size for a message is 100k. Therefore
the attacker could force an additional 1500k to be consumed per connection. By
opening many simulataneous connections an attacker could cause a DoS attack
through memory exhaustion.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was
developed by Matt Caswell of the OpenSSL development team.

External References:


Comment 7 errata-xmlrpc 2016-09-27 13:54:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:1940 https://rhn.redhat.com/errata/RHSA-2016-1940.html