diff options
| -rw-r--r-- | CHANGES.md | 25 | ||||
| -rw-r--r-- | NEWS.md | 9 |
2 files changed, 34 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index 7352e7e392..290f346dd9 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,6 +24,29 @@ OpenSSL 3.1 ### Changes between 3.1.5 and 3.1.6 [xx XXX xxxx] + * Fixed potential use after free after SSL_free_buffers() is called. + + The SSL_free_buffers function is used to free the internal OpenSSL + buffer used when processing an incoming record from the network. + The call is only expected to succeed if the buffer is not currently + in use. However, two scenarios have been identified where the buffer + is freed even when still in use. + + The first scenario occurs where a record header has been received + from the network and processed by OpenSSL, but the full record body + has not yet arrived. In this case calling SSL_free_buffers will succeed + even though a record has only been partially processed and the buffer + is still in use. + + The second scenario occurs where a full record containing application + data has been received and processed by OpenSSL but the application has + only read part of this data. Again a call to SSL_free_buffers will + succeed even though the buffer is still in use. + + ([CVE-2024-4741]) + + *Matt Caswell* + * Fixed an issue where checking excessively long DSA keys or parameters may be very slow. @@ -19991,6 +20014,8 @@ ndif <!-- Links --> +[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 +[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603 [CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 [CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 @@ -21,6 +21,13 @@ OpenSSL 3.1 ### Major changes between OpenSSL 3.1.5 and OpenSSL 3.1.6 [under development] + * Fixed potential use after free after SSL_free_buffers() is called + ([CVE-2024-4741]) + + * Fixed an issue where checking excessively long DSA keys or parameters may + be very slow + ([CVE-2024-4603]) + * Fixed unbounded memory growth with session handling in TLSv1.3 ([CVE-2024-2511]) @@ -1491,6 +1498,8 @@ OpenSSL 0.9.x <!-- Links --> +[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 +[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603 [CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 [CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 |