Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 8425bb37eaf87c465ee1e420104acca0637cf157..2656e6616e0f45297f8c6166e0b75405be295736 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -292,6 +292,14 @@
  
  Changes between 1.0.1b and 1.0.1c [xx XXX xxxx]
 
+  *) Sanity check record length before skipping explicit IV in TLS
+     1.2, 1.1 and DTLS to avoid DoS attack.
+
+     Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+     fuzzing as a service testing platform.
+     (CVE-2012-2333)
+     [Steve Henson]
+
   *) Initialise tkeylen properly when encrypting CMS messages.
      Thanks to Solar Designer of Openwall for reporting this issue.
      [Steve Henson]