OpenSSL's released patches for a trio of denial-of-service bugs.
The first (CVE-2017-3731), turned up by Google's Robert wicki, only affects SSL/TLS servers running on 32-bit hosts. Depending on the cipher the host is using, a truncated packet crashes the system by triggering an out-of-bounds read.
It's version-specific: under OpenSSL 1.1.0 the relevant cipher is CHACHA20/POLY1305 and it's fixed in 1.1.0d. In OpenSSL 1.0.2, RC4-MD5 (which should have been disabled) is the target, and it's fixed in version 1.0.2k.
In (CVE-2017-3730), clients can be crashed if a malicious server supplies bad Diffie Hellman parameters in DHE/ECDHE (ephemeral) mode. The client is tricked into trying to dereference a NULL pointer. This only affects OpenSSL 1.1.0 and is fixed in 1.1.0d.
The OpenSSL advisory adds: “Note that this issue was fixed prior to it being recognised as a security concern. This means the git commit with the fix does not contain the CVE identifier. The relevant fix commit can be identified by commit hash efbe126e3.”
There's a carry propagating bug in the x86_64 Montgomery squaring procedure (CVE-2017-3732). This is also fixed in OpenSSL 1.1.0d and 1.0.2k, and the advisory notes it would be difficult to exploit.
“The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers”, the advisory says.
The advisory is here .
