Skip to content
  1. Jan 26, 2017
    • Andy Polyakov's avatar
      crypto/evp: harden RC4_MD5 cipher. · 8e204996
      Andy Polyakov authored
      
      
      Originally a crash in 32-bit build was reported CHACHA20-POLY1305
      cipher. The crash is triggered by truncated packet and is result
      of excessive hashing to the edge of accessible memory (or bogus
      MAC value is produced if x86 MD5 assembly module is involved). Since
      hash operation is read-only it is not considered to be exploitable
      beyond a DoS condition.
      
      Thanks to Robert Święcki for report.
      
      CVE-2017-3731
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      8e204996
  2. Jan 25, 2017
  3. Jan 24, 2017
  4. Jan 23, 2017