Skip to content
Commit 77c77f0a authored by Matt Caswell's avatar Matt Caswell
Browse files

Multiblock corrupted pointer fix



OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
feature only applies on 64 bit x86 architecture platforms that support AES
NI instructions. A defect in the implementation of "multiblock" can cause
OpenSSL's internal write buffer to become incorrectly set to NULL when
using non-blocking IO. Typically, when the user application is using a
socket BIO for writing, this will only result in a failed connection.
However if some other BIO is used then it is likely that a segmentation
fault will be triggered, thus enabling a potential DoS attack.

CVE-2015-0290

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
parent 8b844953
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment