Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE ids for CyaSSL 2.9.4?
From: cve-assign () mitre org
Date: Fri, 18 Apr 2014 01:35:45 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.yassl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html

Issue #1 (Memory Corruption)
lack a buffer length check in DoAlert()

Use CVE-2014-2896.


Issue #2 (Out of bounds read)
Affected Versions:  CyaSSL 2.5.0 - CyaSSL 2.9.0
does not check the padding length for a verify failure

Use CVE-2014-2897.


Issue #3 (Dangerous Default Behavior, out of bounds read)
Affected Versions:  CyaSSL 2.9.0 and previous versions
Vulnerability Type:  Unchecked Error Condition (CWE-391)
A user who repeatedly calls CyaSSL_read() without checking the return
code can cause an out-of-bound memory access

Use CVE-2014-2898.


Issue #4 (NULL pointer dereference)
requesting the peer certificate in a certificate parsing failure

if an SSL client receives a client_key_exchange message ... if the
client does not have the peer's ephemeral key.

Use CVE-2014-2899.


Issue #5 (Unknown Critical Certificate Extension Allowed)
CyaSSL previously accepted certificates with unknown critical extensions

Use CVE-2014-2900.



https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf
TABLE V: Semantic discrepancies in certificate validation (incorrect
answers in bold)

[Note that these last four CVE IDs are not for issues fixed in
2.9.4.]

Intermediate CA not authorized to issue certificates for server's
hostname

Use CVE-2014-2901.


CA certificate not authorized for signing other certificates

Use CVE-2014-2902.


Server certificate not authorized for use in SSL/TLS handshake

Use CVE-2014-2903.


Server certificate not authorized for server authentication

Use CVE-2014-2904.


("Intermediate CA not authorized to issue further intermediate CA
certificates, but followed in the chain by an intermediate CA
certificate ... followed by a leaf CA certificate," also found in
TABLE V, is not a vulnerability. This is a violation of the X.509
specification that causes valid data to be rejected.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTULb8AAoJEKllVAevmvmsbMUIAJi7S8lW3pY3QBlgEwVVtU5u
bPZ3Yyl2kkV43o8K4NpD5r8eZ9FfM8sJQhbjAMlrjLdHBbTHIAxSewNbrDY0T+gt
fLAB6SPb7jcXQgRfSQ5GNiVdRrp5nCQt5YN/yvo6XVxR13yBM4WniUDBSgRBpR6j
tw1GDUyjNBJOmlQ6DKNou8+T8wx4XWRIheuL1PjFSXuFOHEDNuPvDO90S/THU9xW
Ysv2uV+rWPICxS7E/wsUBPaWKi7mkcu2kCesMMBcx86L8YdArcvl9K471xXSfgnj
Wyi+VcD/67NRAH31pNqGVJ5AN4CM3ElB3delQDI/AdWT9KgYC5a4nS9YTbLMFGw=
=SHEL
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault