Bug 1127502 - (CVE-2014-3507) CVE-2014-3507 openssl: DTLS memory leak from zero-length fragments
CVE-2014-3507 openssl: DTLS memory leak from zero-length fragments
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20140806,repor...
: Security
Depends On: 1127695 1127696 1127697 1127698 1127704 1127705 1127709 1128405 1128406 1128961 1181611
Blocks: 1127468 1127506
  Show dependency treegraph
 
Reported: 2014-08-06 22:06 EDT by Andrew Griffiths
Modified: 2016-12-04 15:47 EST (History)
57 users (show)

See Also:
Fixed In Version: openssl 1.0.1i, openssl 1.0.0n, openssl 0.9.8zb
Doc Type: Bug Fix
Doc Text:
A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andrew Griffiths 2014-08-06 22:06:15 EDT
It was found that an attacker could force OpenSSL to leak memory and never free it via DTLS packets.
Comment 1 Arun Babu Neelicattu 2014-08-07 01:52:43 EDT
External References:

https://www.openssl.org/news/secadv_20140806.txt
Comment 5 Tomas Hoger 2014-08-07 07:33:27 EDT
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1127704]
Comment 6 Tomas Hoger 2014-08-07 07:33:32 EDT
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1127705]
Comment 7 Tomas Hoger 2014-08-07 07:39:26 EDT
Created mingw-openssl tracking bugs for this issue:

Affects: epel-7 [bug 1127709]
Comment 8 Tomas Hoger 2014-08-07 10:33:10 EDT
This did not affect openssl packages in Red Hat Enterprise Linux 5 (based on upstream 0.9.8e) and openssl 1.0.0 packages in Red Hat Enterprise Linux 6 (i.e. packages released before RHBA-2013:1585, which rebased openssl from 1.0.0 to 1.0.1e).  Issue was introduced upstream in versions 0.9.8o and 1.0.0a via the following change:

https://rt.openssl.org/Ticket/Display.html?id=2230&user=guest&pass=guest
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c713a4c
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1507f3a
Comment 9 Fedora Update System 2014-08-09 03:34:38 EDT
openssl-1.0.1e-39.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2014-08-09 03:35:47 EDT
openssl-1.0.1e-39.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Martin Prpič 2014-08-12 03:42:58 EDT
IssueDescription:

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.
Comment 13 errata-xmlrpc 2014-08-13 17:33:40 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2014:1052 https://rhn.redhat.com/errata/RHSA-2014-1052.html
Comment 14 errata-xmlrpc 2014-08-14 00:45:10 EDT
This issue has been addressed in following products:

  Red Hat Storage 2.1

Via RHSA-2014:1054 https://rhn.redhat.com/errata/RHSA-2014-1054.html
Comment 15 Vincent Danen 2014-08-20 10:38:31 EDT
Statement:

This did not affect openssl packages in Red Hat Enterprise Linux 5 (based on upstream 0.9.8e) and openssl 1.0.0 packages in Red Hat Enterprise Linux 6 (i.e. packages released before RHBA-2013:1585, which rebased openssl from 1.0.0 to 1.0.1e).  The issue was introduced upstream in versions 0.9.8o and 1.0.0a.

Note You need to log in before you can comment on or make changes to this bug.