projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 77719ae) | patch
Fix for CVE-2014-0195
authorDr. Stephen Henson <steve@openssl.org>
Tue, 13 May 2014 17:48:31 +0000 (18:48 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 5 Jun 2014 12:24:50 +0000 (13:24 +0100)
commiteb6508d50c9a314b88ac155bd378cbd79a117c92
treecad41bd4bfd89fdfcc49f54c5241241b947d5325tree | snapshot
parent77719aefb8f549ccc7f04222174889615d62057bcommit | diff
Fix for CVE-2014-0195

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Fixed by adding consistency check for DTLS fragments.

Thanks to Jüri Aedla for reporting this issue.
(cherry picked from commit 1632ef744872edc2aa2a53d487d3e79c965a4ad3)
ssl/d1_both.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.