Vigil@nce - OpenSSL: denial of service via DTLS
January 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a short DTLS message, in order to force OpenSSL to read at an invalid memory address, which stops the application.
Severity: 1/4
Creation date: 19/01/2012
IMPACTED PRODUCTS
OpenSSL
DESCRIPTION OF THE VULNERABILITY
The DTLS (Datagram Transport Layer Security) protocol, based on TLS, provides a cryptographic layer over the UDP protocol.
The dtls1_process_record() function of the ssl/d1_pkt.c file processes the received DTLS message. However, if the message is shorter than the MAC (Message Authentication Code), the dtls1_process_record() function uses a negative rr->length value as an array index when reading.
An attacker can therefore send a short DTLS message, in order to force OpenSSL to read at an invalid memory address, which stops the application.
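The missing length check described above, shown next to a hardened form. This is an added example, not OpenSSL's code and not part of the original bulletin; the `struct record` layout, the function names and the 20-byte MAC size are assumptions made for illustration.

```c
#include <stddef.h>

/* Simplified stand-in for a received record (assumed layout, not OpenSSL's). */
struct record {
    int length;                 /* payload bytes, MAC included */
    unsigned char data[64];     /* constructed sample buffer */
};

/* Pattern matching the description: the MAC size is subtracted without
 * first checking that the record is long enough, so a short record gives
 * a negative length that would then be used as an array index.
 * Only the index is returned here; it is never dereferenced. */
int mac_index_unchecked(const struct record *rr, int mac_size)
{
    return rr->length - mac_size;
}

/* Hardened form: reject the record before any arithmetic on its length.
 * Returns 0 and points *mac at the trailing MAC, or -1 for a bad record. */
int split_mac_checked(struct record *rr, int mac_size,
                      const unsigned char **mac)
{
    if (mac_size < 0 || rr->length < mac_size ||
        (size_t)rr->length > sizeof rr->data)
        return -1;              /* drop the datagram, touch no memory */
    rr->length -= mac_size;     /* now guaranteed to be >= 0 */
    *mac = &rr->data[rr->length];
    return 0;
}

int main(void)
{
    /* Constructed input: 4-byte record, assumed 20-byte MAC. */
    struct record short_rec = { .length = 4 };
    const unsigned char *mac = NULL;
    int idx = mac_index_unchecked(&short_rec, 20);
    int rc = split_mac_checked(&short_rec, 20, &mac);
    return (idx < 0 && rc == -1) ? 0 : 1;
}
```

A DTLS receiver that fails this check should silently discard the datagram rather than abort, since UDP input is unauthenticated at that point.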