Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and

DTLS to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333)
author: Dr. Stephen Henson <steve@openssl.org> 2012-05-10 15:10:15 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-05-10 15:10:15 +0000
commit: d414a5a0f041af6ef460150b093049ff80921fbf (patch)
tree: 3f038f776c764624347e4bffee2f712516cadb3b /CHANGES
parent: 9eb4460e68ddbd7ba048349dadec5ae66a9d3756 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 1e2f31277f..5ccf3a06f4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
 
  Changes between 1.0.1b and 1.0.1c [xx XXX xxxx]
 
+  *) Sanity check record length before skipping explicit IV in TLS
+     1.2, 1.1 and DTLS to fix DoS attack.
+
+     Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+     fuzzing as a service testing platform.
+     (CVE-2012-2333)
+     [Steve Henson]
+
   *) Initialise tkeylen properly when encrypting CMS messages.
      Thanks to Solar Designer of Openwall for reporting this issue.
      [Steve Henson]
author	Dr. Stephen Henson <steve@openssl.org>	2012-05-10 15:10:15 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-05-10 15:10:15 +0000
commit	d414a5a0f041af6ef460150b093049ff80921fbf (patch)
tree	3f038f776c764624347e4bffee2f712516cadb3b /CHANGES
parent	9eb4460e68ddbd7ba048349dadec5ae66a9d3756 (diff)