Bug 999667 (CVE-2016-6305) - VUL-0: CVE-2016-6305: openssl: SSL_peek() hang on empty record
Summary: VUL-0: CVE-2016-6305: openssl: SSL_peek() hang on empty record
Status: RESOLVED UPSTREAM
Alias: CVE-2016-6305
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: CVSSv2:RedHat:CVE-2016-6305:4.3:(AV:...
Keywords:
Depends on:
Blocks: 999665
  Show dependency treegraph
 
Reported: 2016-09-19 13:14 UTC by Alexander Bergmann
Modified: 2016-09-22 19:53 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 2 Swamp Workflow Management 2016-09-19 22:00:55 UTC 
bugbot adjusting priority
Comment 3 Vítězslav Čížek 2016-09-20 09:42:16 UTC 
Affects openssl 1.1.0 only. None of our distributions are affected.
Comment 4 Marcus Meissner 2016-09-22 10:57:46 UTC 
in git

commit 63658103d4441924f8dbfc517b99bb54758a98b9
Author: Matt Caswell <matt@openssl.org>
Date:   Sat Sep 10 21:24:40 2016 +0100

    Fix a hang with SSL_peek()
    
    If while calling SSL_peek() we read an empty record then we go into an
    infinite loop, continually trying to read data from the empty record and
    never making any progress. This could be exploited by a malicious peer in
    a Denial Of Service attack.
    
    CVE-2016-6305
    
    GitHub Issue #1563
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>
Comment 5 Marcus Meissner 2016-09-22 10:58:27 UTC 
only openssl 1.1 is affected, which we are not shipping yet.