Bug 912294 (CVE-2014-3571) - VUL-0: CVE-2014-3571: openssl: Fix crash in dtls1_get_record
Summary: VUL-0: CVE-2014-3571: openssl: Fix crash in dtls1_get_record
Status: RESOLVED FIXED
Alias: CVE-2014-3571
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:running:60183:moderate maint:re...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-01-08 15:46 UTC by Marcus Meissner
Modified: 2022-02-16 21:17 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2015-01-08 15:46:47 UTC 
via openssl git

1.0.1

commit 45fe66b8ba026186aa5d8ef1e0e6010ea74d5c0b
Author: Matt Caswell <matt@openssl.org>
Date:   Sat Jan 3 00:54:35 2015 +0000

    Follow on from CVE-2014-3571. This fixes the code that was the original source
    of the crash due to p being NULL. Steve's fix prevents this situation from
    occuring - however this is by no means obvious by looking at the code for
    dtls1_get_record. This fix just makes things look a bit more sane.
    
    Reviewed-by: Dr Steve Henson <steve@openssl.org>

commit 8d7aab986b499f34d9e1bc58fbfd77f05c38116e
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Sat Jan 3 00:45:13 2015 +0000

    Fix crash in dtls1_get_record whilst in the listen state where you get two
    separate reads performed - one for the header and one for the body of the
    handshake record.
    
    CVE-2014-3571
    
    Reviewed-by: Matt Caswell <matt@openssl.org>
Comment 1 Marcus Meissner 2015-01-08 15:52:42 UTC 
0.9.8 has:

commit 50befdb659585b9840264c77708d2dc638624137
Author: Matt Caswell <matt@openssl.org>
Date:   Sat Jan 3 00:54:35 2015 +0000

    Follow on from CVE-2014-3571. This fixes the code that was the original source
    of the crash due to p being NULL. Steve's fix prevents this situation from
    occuring - however this is by no means obvious by looking at the code for
    dtls1_get_record. This fix just makes things look a bit more sane.
    
    Conflicts:
        ssl/d1_pkt.c
    
    Reviewed-by: Dr Stephen Henson <steve@openssl.org>

commit 46bf0ba87665c5aa215673d87e9ee7dd4ce28359
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Sat Jan 3 00:45:13 2015 +0000

    Fix crash in dtls1_get_record whilst in the listen state where you get two
    separate reads performed - one for the header and one for the body of the
    handshake record.
    
    CVE-2014-3571
    
    Reviewed-by: Matt Caswell <matt@openssl.org>
    
    Conflicts:
        ssl/s3_pkt.c
Comment 2 Marcus Meissner 2015-01-08 16:05:31 UTC 
http://openssl.org/news/secadv_20150108.txt


DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
===========================================================

Severity: Moderate

A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due
to a NULL pointer dereference. This could lead to a Denial Of Service attack.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k.
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.

This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of
Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL
core team.
Comment 3 Swamp Workflow Management 2015-01-08 23:01:01 UTC 
bugbot adjusting priority
Comment 4 Bernhard Wiedemann 2015-01-09 12:00:28 UTC 
This is an autogenerated message for OBS integration:
This bug (912294) was mentioned in
https://build.opensuse.org/request/show/280570 Factory / openssl
Comment 15 Swamp Workflow Management 2015-01-23 19:06:15 UTC 
openSUSE-SU-2015:0130-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 911399,912014,912015,912018,912292,912293,912294,912296
CVE References: CVE-2014-3569,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206
Sources used:
openSUSE 13.2 (src):    openssl-1.0.1k-2.16.2
openSUSE 13.1 (src):    openssl-1.0.1k-11.64.2
Comment 17 Swamp Workflow Management 2015-01-29 00:07:12 UTC 
SUSE-SU-2015:0166-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 912014,912015,912018,912292,912293,912294,912296
CVE References: CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205
Sources used:
SLE CLIENT TOOLS 10 for x86_64 (src):    openssl-0.9.8a-18.88.1
SLE CLIENT TOOLS 10 for s390x (src):    openssl-0.9.8a-18.88.1
SLE CLIENT TOOLS 10 (src):    openssl-0.9.8a-18.88.1
Comment 18 Swamp Workflow Management 2015-01-29 06:06:20 UTC 
SUSE-SU-2015:0172-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 912014,912015,912018,912293,912294,912296
CVE References: CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205
Sources used:
SUSE Studio Onsite 1.3 (src):    openssl-0.9.8j-0.68.1
SUSE Manager 1.7 for SLE 11 SP2 (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    openssl-0.9.8a-18.88.1
Comment 19 Swamp Workflow Management 2015-01-31 02:06:40 UTC 
SUSE-SU-2015:0172-2: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 912014,912015,912018,912293,912294,912296
CVE References: CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Server 11 SP3 (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    openssl-0.9.8j-0.68.1
Comment 20 Swamp Workflow Management 2015-01-31 05:07:05 UTC 
SUSE-SU-2015:0181-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 906878,912014,912015,912018,912292,912293,912294,912296
CVE References: CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206
Sources used:
SUSE Linux Enterprise Security Module 11 SP3 (src):    openssl1-1.0.1g-0.24.1
Comment 21 Marcus Meissner 2015-02-03 16:38:23 UTC 
released
Comment 22 Swamp Workflow Management 2015-02-03 17:11:50 UTC 
SUSE-SU-2015:0205-1: An update that solves 7 vulnerabilities and has 6 fixes is now available.

Category: security (moderate)
Bug References: 855676,895129,901902,906878,908362,908372,912014,912015,912018,912292,912293,912294,912296
CVE References: CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    openssl-1.0.1i-17.1
SUSE Linux Enterprise Server 12 (src):    openssl-1.0.1i-17.1
SUSE Linux Enterprise Desktop 12 (src):    openssl-1.0.1i-17.1
Comment 23 Swamp Workflow Management 2015-02-17 15:06:30 UTC 
SUSE-SU-2015:0305-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 892403,912014,912015,912018,912293,912294,912296
CVE References: CVE-2014-0224,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205
Sources used:
SUSE Linux Enterprise Module for Legacy Software 12 (src):    compat-openssl098-0.9.8j-70.2
SUSE Linux Enterprise Desktop 12 (src):    compat-openssl098-0.9.8j-70.2
Comment 25 Swamp Workflow Management 2022-02-16 21:17:06 UTC 
SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000677,1000742,1001148,1001912,1002585,1002895,1003091,1005246,1009528,1010874,1010966,1011936,1015549,1019637,1021641,1022085,1022086,1022271,1027079,1027610,1027688,1027705,1027908,1028281,1028723,1029523,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042392,1042670,1044095,1044107,1044175,1049186,1049304,1050653,1050665,1055478,1055542,1055825,1056058,1056951,1057496,1062237,1065363,1066242,1066873,1068790,1070737,1070738,1070853,1071905,1071906,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087102,1087104,1088573,1089039,1090427,1090765,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097158,1097531,1097624,1098535,1098592,1099308,1099569,1100078,1101246,1101470,1102868,1104789,1106197,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112209,1112357,1113534,1113652,1113742,1113975,1115769,1117951,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127080,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1131291,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150003,1150190,1150250,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1158809,1159235,1159538,1160163,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179491,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182331,1182333,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1189521,1190781,1193357,356549,381844,394317,408865,428177,430141,431945,437293,442740,459468,489641,504687,509031,526319,590833,610223,610642,629905,637176,651003,657698,658604,670526,673071,693027,715423,720601,743787,747125,748738,749210,749213,749735,750618,751718,751946,751977,754447,754677,761500,774710,784670,784994,787526,793420,799119,802184,803004,809831,811890,822642,825221,828513,831629,832833,834601,835687,839107,84331,849377,855666,855676,856687,857203,857850,858239,867887,869945,871152,872299,873351,876282,876710,876712,876748,880891,885662,885882,889013,889363,892477,892480,895129,898917,901223,901277,901902,902364,906878,907584,908362,908372,912014,912015,912018,912292,912293,912294,912296,912460,913229,915479,917607,917759,917815,919648,920236,922448,922488,922496,922499,922500,926597,929678,929736,930189,931698,931978,933898,933911,934487,934489,934491,934493,935856,937085,937212,937492,937634,937912,939456,940608,942385,942751,943421,944204,945455,946648,947104,947357,947679,948198,952871,954256,954486,954690,957812,957813,957815,958501,961334,962291,963415,963974,964204,964472,964474,965830,967128,968046,968047,968048,968050,968265,968270,968374,968601,975875,976942,977584,977614,977615,977616,977663,978224,981848,982268,982575,983249,984323,985054,988086,990207,990392,990419,990428,991193,991877,992120,992988,992989,992992,993130,993819,993825,993968,994749,994844,994910,995075,995324,995359,995377,995959,996255,997043,997614,998190,999665,999666,999668
CVE References: CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-4339,CVE-2006-4343,CVE-2006-7250,CVE-2007-3108,CVE-2007-4995,CVE-2007-5135,CVE-2008-0891,CVE-2008-1672,CVE-2008-5077,CVE-2009-0590,CVE-2009-0591,CVE-2009-0789,CVE-2009-1377,CVE-2009-1378,CVE-2009-1379,CVE-2009-1386,CVE-2009-1387,CVE-2010-0740,CVE-2010-0742,CVE-2010-1633,CVE-2010-2939,CVE-2010-3864,CVE-2010-5298,CVE-2011-0014,CVE-2011-3207,CVE-2011-3210,CVE-2011-3389,CVE-2011-4108,CVE-2011-4576,CVE-2011-4577,CVE-2011-4619,CVE-2011-4944,CVE-2012-0027,CVE-2012-0050,CVE-2012-0845,CVE-2012-0884,CVE-2012-1150,CVE-2012-1165,CVE-2012-2110,CVE-2012-2686,CVE-2012-4929,CVE-2013-0166,CVE-2013-0169,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2013-4353,CVE-2013-6449,CVE-2013-6450,CVE-2014-0012,CVE-2014-0076,CVE-2014-0160,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-0224,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-3470,CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-3513,CVE-2014-3566,CVE-2014-3567,CVE-2014-3568,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-4650,CVE-2014-5139,CVE-2014-7202,CVE-2014-7203,CVE-2014-8275,CVE-2014-9721,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206,CVE-2015-0209,CVE-2015-0286,CVE-2015-0287,CVE-2015-0288,CVE-2015-0289,CVE-2015-0293,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792,CVE-2015-2296,CVE-2015-3194,CVE-2015-3195,CVE-2015-3196,CVE-2015-3197,CVE-2015-3216,CVE-2015-4000,CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800,CVE-2016-10745,CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2109,CVE-2016-2176,CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7055,CVE-2016-9015,CVE-2017-18342,CVE-2017-3731,CVE-2017-3732,CVE-2017-3735,CVE-2017-3736,CVE-2017-3737,CVE-2017-3738,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737,CVE-2018-0739,CVE-2018-18074,CVE-2018-20060,CVE-2018-5407,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-1547,CVE-2019-1551,CVE-2019-1559,CVE-2019-1563,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-1971,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-23840,CVE-2021-23841,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426,CVE-2021-3712
JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135
Sources used:
SUSE Manager Tools 12-BETA (src):    venv-salt-minion-3002.2-3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.