aboutsummaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2018-04-10 09:14:16 -0400
committerJack Lloyd <[email protected]>2018-04-10 09:14:16 -0400
commit7ea78896c75f4c45f26175931cd08a555974f29d (patch)
treead8d36e7fc3d4901331562fe77fdde4b6c0f497d /doc
parent99bffd403a87527acefc3b5517370dc5fc99b390 (diff)
Add security advisory
Diffstat (limited to 'doc')
-rw-r--r--doc/security.rst11
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/security.rst b/doc/security.rst
index d0b9504f3..8e661c0ad 100644
--- a/doc/security.rst
+++ b/doc/security.rst
@@ -18,6 +18,17 @@ https://keybase.io/jacklloyd and on most PGP keyservers.
2018
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* 2018-04-10 (CVE-2018-9860): Memory overread in TLS CBC decryption
+
+ An off by one error in TLS CBC decryption meant that for a particular
+ malformed ciphertext, the receiver would miscompute a length field and HMAC
+ exactly 64K bytes of data following the record buffer as if it was part of the
+ message. This cannot be used to leak information since the MAC comparison will
+ subsequently fail and the connection will be closed. However it might be used
+ for denial of service. Found by OSS-Fuzz.
+
+ Bug introduced in 1.11.32, fixed in 2.6.0
+
* 2018-03-29 (CVE-2018-9127): Invalid wildcard match
RFC 6125 wildcard matching was incorrectly implemented, so that a wildcard