Main Page

A static analysis feature set to appear in GCC 10, which will catch common programming errors that can lead to security vulnerabilities, has scored an early win – it snared an exploitable flaw in OpenSSL.

Bernd Edlinger discovered CVE-2020-1967, a denial-of-service flaw deemed to be a high severity risk by the OpenSSL team. It is possible to crash a server or application that uses a vulnerable build of OpenSSL by sending specially crafted messages while setting up a TLS 1.3 connection.

This means it's possible to disrupt or knock offline HTTPS websites that use a vulnerable version of the crypto library, by sending a prod-of-death. It can also be used by rogue servers to crash web browsers and other apps connecting in.

OpenSSL is a software library widely used to provide encrypted connections across networks and the internet. Here's the technical description from the OpenSSL maintainers of the flaw:

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack.
[...] The analyzer is available from the master branch of the GCC 10 source code. It's hoped the feature will be finalized in time for version 10's official release, due this month or next. The current latest version is 9.3.

Title		GCC 10 Gets Security Bug Trap. And Look What Just Fell Into it: OpenSSL and a Prod-Of-Death Flaw
Date		Friday April 24 2020, @06:42PM
Author		martyb
Topic
from the update-your-packages-now dept.

SoylentNews SoylentNews is people https://soylentnews.org/

SoylentNews
SoylentNews is people
https://soylentnews.org/