OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64-bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking I/O. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used, then it is likely that a segmentation fault will be triggered, thus enabling a potential denial of service attack.
This issue affects OpenSSL version 1.0.2, and is fixed in version 1.0.2a.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Daniel Danner and Rainer Mueller as the original reporters.
This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5, 6, and 7.
Affected code was introduced upstream in 1.0.2 via: