Opinionated Programmer - Jo Liss's musings on enlightened software development.

Technical causes of today's OpenSSL vulnerabilities

I like to study vulnerabilities to help me write more secure code. Here are the vulnerabilities listed in the March 19th OpenSSL advisory (secadv_20150319.txt), ordered by underlying cause.

Segfaults, enabling DoS (maybe worse)

NULL pointer dereference:

  • OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291): 34e3edb
  • Multiblock corrupted pointer (CVE-2015-0290): 1d2a18d
  • Segmentation fault for invalid PSS parameters (CVE-2015-0208): 09f0692
  • PKCS7 NULL pointer dereferences (CVE-2015-0289): c225c3c
  • X509_to_X509_REQ NULL pointer deref (CVE-2015-0288): 28a00bc

State reuse:

  • Segmentation fault in DTLSv1_listen (CVE-2015-0207): e83ee04
  • ASN.1 structure reuse memory corruption (CVE-2015-0287): 8106d61


  • Base64 decode (CVE-2015-0292): d0666f2

Double free / use after free:

  • Use After Free following d2i_ECPrivatekey error (CVE-2015-0209): 9e442d4, 5e5d53d

Unhandled dynamic type:

  • Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286): e677e8d


  • Empty CKE with client auth and DHE (CVE-2015-1787): d3cc5e6

Failed assert, enabling DoS

  • DoS via reachable assert in SSLv2 servers (CVE-2015-0293): 86f8fb0

Cryptographic vulnerabilities, enabling MITM

Cipher downgrade:

  • Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204): ce325c6

Bad randomness:

  • Handshake with unseeded PRNG (CVE-2015-0285): e1b568d