Bug 1378127 (CVE-2016-6305) - CVE-2016-6305 openssl: SSL_peek() hang on empty record
Summary: CVE-2016-6305 openssl: SSL_peek() hang on empty record
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2016-6305
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1367347
TreeView+ depends on / blocked
 
Reported: 2016-09-21 14:26 UTC by Tomas Hoger
Modified: 2021-02-17 03:18 UTC (History)
2 users (show)

Fixed In Version: openssl 1.1.0a
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-09-21 14:29:25 UTC


Attachments (Terms of Use)
OpenSSL upstream fix (1.21 KB, patch)
2016-09-21 14:28 UTC, Tomas Hoger
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 2662211 0 None None None 2016-09-28 00:43:51 UTC

Description Tomas Hoger 2016-09-21 14:26:36 UTC
Quoting form the draft of the OpenSSL upstream advisory:

SSL_peek() hang on empty record (CVE-2016-6305)
===============================================

Severity: Moderate

OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an
empty record. This could be exploited by a malicious peer in a Denial Of Service
attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The
fix was developed by Matt Caswell of the OpenSSL development team.

Comment 1 Tomas Hoger 2016-09-21 14:26:44 UTC
Acknowledgments:

Name: the OpenSSL project
Upstream: Alex Gaynor

Comment 2 Tomas Hoger 2016-09-21 14:28:11 UTC
Created attachment 1203332 [details]
OpenSSL upstream fix

Comment 3 Tomas Hoger 2016-09-21 14:28:48 UTC
Upstream bug with reproducer:

https://github.com/openssl/openssl/issues/1563

Comment 4 Tomas Hoger 2016-09-21 14:29:25 UTC
This issue only affected OpenSSL 1.1.0, which is not yet part of any Red Hat product.

Comment 5 Adam Mariš 2016-09-22 15:12:29 UTC
External References:

https://www.openssl.org/news/secadv/20160922.txt


Note You need to log in before you can comment on or make changes to this bug.