openssl: denial of service

Package(s): openssl
CVE #(s): CVE-2011-0014
Created: February 11, 2011
Updated: May 19, 2011
Description: From the openssl advisory:

Incorrectly formatted ClientHello handshake messages could cause OpenSSL to parse past the end of the message.

This issue applies to the following versions:
1) OpenSSL 0.9.8h through 0.9.8q
2) OpenSSL 1.0.0 through 1.0.0c

The parsing function in question is already used on arbitrary data so no additional vulnerabilities are expected to be uncovered by this. However, an attacker may be able to cause a crash (denial of service) by triggering invalid memory accesses.

Alerts:
Gentoo 201110-01 2011-10-09
SUSE SUSE-SR:2011:005 2011-04-01
openSUSE openSUSE-SU-403 2011-03-28
Fedora FEDORA-2011-5876 2011-04-23
Fedora FEDORA-2011-5865 2011-04-23
Fedora FEDORA-2011-1255 2011-02-10
Ubuntu USN-1064-1 2011-02-15
Mandriva MDVSA-2011:028 2011-02-15
Fedora FEDORA-2011-1273 2011-02-10
Debian DSA-2162-1 2011-02-14
Slackware SSA:2011-041-04 2011-02-11
Red Hat RHSA-2011:0677-01 2011-05-19
SUSE SUSE-SU-403 2012-01-05

Copyright © 2013, Eklektix, Inc.