CERT-MU Vulnerability Note
OpenSSL Transport Layer Security Packet Parsing Integer Underflow Denial of Service Vulnerability
Original Issue Date:
May 02, 2012
Severity Rating: Medium
A vulnerability has been identified in OpenSSL and this can be exploited by remote attackers to cause a Denial of Service condition of the application using the library. The vulnerability exists because OpenSSL did not properly handle TLS record length values from the received TLS packets. After subtracting the number of padding bytes from the record length value, it did not check the resulting record length before subtracting the size of explicit IV (initialization vector for CBC encryption modes). This could lead to an integer underflow of the record length value, leading to a buffer over-read and out-of-bounds access. This vulnerability can be exploited by remote attackers to crash an application using OpenSSL by sending a specially TLS packet.
Users are advised to apply to version 1.0.1c, 1.0.0j, or 0.9.8x.
More information is available on:
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street