Vigil@nce - OpenSSL: out-of-bounds memory reading
June 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force a memory access at an invalid address in
OpenSSL, in order to trigger a denial of service, or to obtain
sensitive information.
Impacted products: OpenSSL.
Severity: 1/4.
Creation date: 09/06/2016.
DESCRIPTION OF THE VULNERABILITY
The source code of OpenSSL includes many loops where a pointer is
used to walk through a buffer.
The definition of the C language allows a pointer to point one
byte past the end of the buffer, but the behavior of any further
access is undefined. Several end-of-loop tests follow the form
"pointer + current data length > end pointer", in such a way that
these 2 expressions are not always defined according to the
language specification. An attacker who can control dynamic memory
allocations can trigger the evaluation of undefined conditions and
perhaps an invalid memory access.
An attacker can therefore force a memory access at an invalid
address in OpenSSL, in order to trigger a denial of service, or to
obtain sensitive information.
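
The test form described above, next to a form that stays defined, as an added example (not OpenSSL code and not part of the original bulletin). The record layout (2-byte big-endian length followed by payload) and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed input: header claims 5 payload bytes, only 2 follow. */
static const unsigned char sample_truncated[] = {0x00, 0x05, 'a', 'b'};

/* Fragile form: when len exceeds the bytes remaining, "p + len" points
 * more than one past the end of the buffer, so the comparison is
 * undefined by the C standard before any byte is even read. */
long count_records_fragile(const unsigned char *buf, size_t buflen)
{
    const unsigned char *p = buf, *end = buf + buflen;
    long n = 0;
    while (p < end) {
        if ((size_t)(end - p) < 2)
            return -1;
        size_t len = ((size_t)p[0] << 8) | p[1];
        p += 2;
        if (p + len > end)          /* undefined when len > end - p */
            return -1;
        p += len;
        n++;
    }
    return n;
}

/* Defined form: compare the length with the remaining byte count.
 * "end - p" is always valid because p never moves past end. */
long count_records_checked(const unsigned char *buf, size_t buflen)
{
    const unsigned char *p = buf, *end = buf + buflen;
    long n = 0;
    while (p < end) {
        if ((size_t)(end - p) < 2)
            return -1;              /* truncated length header */
        size_t len = ((size_t)p[0] << 8) | p[1];
        p += 2;
        if (len > (size_t)(end - p))
            return -1;              /* payload longer than what is left */
        p += len;
        n++;
    }
    return n;
}

int main(void) {
    printf("%ld\n", count_records_checked(sample_truncated, sizeof sample_truncated));
    return 0;
}
```

Both functions agree on well-formed input; only the checked form has defined behavior when the declared length exceeds the remaining bytes.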
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/OpenSSL-out-of-bounds-memory-reading-19855