1378127 – (CVE-2016-6305) CVE-2016-6305 openssl: SSL_peek() hang on empty record

Bug 1378127 (CVE-2016-6305) - CVE-2016-6305 openssl: SSL_peek() hang on empty record

Summary: CVE-2016-6305 openssl: SSL_peek() hang on empty record

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2016-6305
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1367347
TreeView+	depends on / blocked

Reported:	2016-09-21 14:26 UTC by Tomas Hoger
Modified:	2021-02-17 03:18 UTC (History)
CC List:	2 users (show)
Fixed In Version:	openssl 1.1.0a
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-09-21 14:29:25 UTC
Embargoed:

Attachments	(Terms of Use)
OpenSSL upstream fix (1.21 KB, patch) 2016-09-21 14:28 UTC, Tomas Hoger	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	2662211	0	None	None	None	2016-09-28 00:43:51 UTC

Description Tomas Hoger 2016-09-21 14:26:36 UTC

Quoting form the draft of the OpenSSL upstream advisory:

SSL_peek() hang on empty record (CVE-2016-6305)
===============================================

Severity: Moderate

OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an
empty record. This could be exploited by a malicious peer in a Denial Of Service
attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0a

This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The
fix was developed by Matt Caswell of the OpenSSL development team.

Comment 1 Tomas Hoger 2016-09-21 14:26:44 UTC

Acknowledgments:

Name: the OpenSSL project
Upstream: Alex Gaynor

Comment 2 Tomas Hoger 2016-09-21 14:28:11 UTC

Created attachment 1203332 [details]
OpenSSL upstream fix

Comment 3 Tomas Hoger 2016-09-21 14:28:48 UTC

Upstream bug with reproducer:

https://github.com/openssl/openssl/issues/1563

Comment 4 Tomas Hoger 2016-09-21 14:29:25 UTC

This issue only affected OpenSSL 1.1.0, which is not yet part of any Red Hat product.

Comment 5 Adam Mariš 2016-09-22 15:12:29 UTC

External References:

https://www.openssl.org/news/secadv/20160922.txt

Comment 6 Tomas Hoger 2016-09-26 10:33:39 UTC

Upstream commit:

https://git.openssl.org/?p=openssl.git;a=commitdiff;h=63658103d4441924f8dbfc517b99bb54758a98b9

Note You need to log in before you can comment on or make changes to this bug.