Bug 1369504 (CVE-2016-2179) - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer
Summary: CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not remov...
Alias: CVE-2016-2179
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1369505 1369506 1369507 1377623 1377624 1377625 1377626 1381811 1381812
Blocks: 1367347
TreeView+ depends on / blocked
Reported: 2016-08-23 15:11 UTC by Adam Mariš
Modified: 2021-02-17 03:25 UTC (History)
41 users (show)

Fixed In Version: openssl 1.0.1u, openssl 1.0.2i
Doc Type: If docs needed, set a value
Doc Text:
It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory.
Clone Of:
Last Closed: 2019-06-08 02:57:47 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 2662211 0 None None None 2016-09-28 00:45:27 UTC
Red Hat Product Errata RHSA-2016:1940 0 normal SHIPPED_LIVE Important: openssl security update 2016-09-27 17:46:00 UTC

Description Adam Mariš 2016-08-23 15:11:29 UTC
It was found that current mechanism of queuing the future messages, i.e. messages having greater sequence numbers that are to be processed later, is prone to DoS attack by memory exhaustion, when attacker can fill up the queue with lots of large messages that are never going to be used. Only up to 10 messages in the future can be buffered and queue gets cleared when the connection is closed, thus attacker can exploit this only with opening many simultaneous connections.

Upstream patch:


Comment 1 Adam Mariš 2016-08-23 15:12:15 UTC
Created openssl101e tracking bugs for this issue:

Affects: epel-5 [bug 1369507]

Comment 2 Adam Mariš 2016-08-23 15:12:27 UTC
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1369505]

Comment 3 Adam Mariš 2016-08-23 15:12:38 UTC
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1369506]

Comment 4 Adam Mariš 2016-08-23 15:14:53 UTC
Another related flaw, with no CVE though:


Comment 6 Tomas Hoger 2016-09-22 12:05:40 UTC
Covered now by OpenSSL upstream security advisory and fixed in versions 1.0.1u and 1.0.2i.

DTLS buffered message DoS (CVE-2016-2179)

Severity: Low

In a DTLS connection where handshake messages are delivered out-of-order those
messages that OpenSSL is not yet ready to process will be buffered for later
use. Under certain circumstances, a flaw in the logic means that those messages
do not get removed from the buffer even though the handshake has been completed.
An attacker could force up to approx. 15 messages to remain in the buffer when
they are no longer required. These messages will be cleared when the DTLS
connection is closed. The default maximum size for a message is 100k. Therefore
the attacker could force an additional 1500k to be consumed per connection. By
opening many simulataneous connections an attacker could cause a DoS attack
through memory exhaustion.

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was
developed by Matt Caswell of the OpenSSL development team.

External References:


Comment 7 errata-xmlrpc 2016-09-27 13:54:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:1940 https://rhn.redhat.com/errata/RHSA-2016-1940.html

Note You need to log in before you can comment on or make changes to this bug.