Red Hat Bugzilla – Bug 1202345
CVE-2015-0290 openssl: multiblock corrupted pointer
Last modified: 2015-07-14 10:18:13 EDT
OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64-bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking I/O. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used, then it is likely that a segmentation fault will be triggered, thus enabling a potential denial of service attack. This issue affects OpenSSL version 1.0.2, and is fixed in version 1.0.2a. Acknowledgements: Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Daniel Danner and Rainer Mueller as the original reporters.
Statement: This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5, 6, and 7.
Affected code was introduced upstream in 1.0.2 via: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=95783193
External References: https://openssl.org/news/secadv_20150319.txt https://access.redhat.com/articles/1384453
Upstream commit: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=77c77f0a1b9f15b869ca3342186dfbedd1119d0e