OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake, OpenSSL would move into the error state and immediately fail any attempt to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()); however, due to a bug, it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails, a fatal error is returned from the initial function call. If the application subsequently calls SSL_read()/SSL_write() on the same SSL object, the call succeeds and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. To exploit this issue, an application bug would have to be present that results in a call to SSL_read()/SSL_write() being issued after a fatal error has already been received.

OpenSSL versions 1.0.2b through 1.0.2m are affected. The issue is fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.
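
The application-side precondition described above can be closed by latching the first fatal result, so the TLS library is never called again for that connection. The following is an added example, not OpenSSL or vendor code; the `io_class` values, `guarded_conn`, `guarded_read` and the `fake_tls` stand-in are hypothetical names, and a real callback would wrap SSL_read() and classify its result with SSL_get_error().

```c
/* Added example: latch fatal TLS errors so a failed connection is never reused. */
#include <stddef.h>

/* Hypothetical result classes. In a real program they are derived from
 * SSL_get_error(): SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE map to
 * IO_RETRY; any other error result ends the connection (IO_FATAL). */
enum io_class { IO_OK, IO_RETRY, IO_FATAL };

/* Hypothetical transport callback; a real one calls SSL_read() on the
 * SSL object held in ctx and classifies the outcome. */
typedef enum io_class (*read_fn)(void *ctx, void *buf, size_t len, size_t *got);

struct guarded_conn {
    read_fn read;
    void *ctx;
    int dead;   /* set once, never cleared: the application's own error state */
};

/* Read through the guard. Returns 0 on success, 1 to retry later, and -1 if
 * the connection failed now or at any earlier call. */
int guarded_read(struct guarded_conn *c, void *buf, size_t len, size_t *got)
{
    *got = 0;
    if (c->dead)
        return -1;               /* the TLS library is not called again */
    switch (c->read(c->ctx, buf, len, got)) {
    case IO_OK:    return 0;
    case IO_RETRY: return 1;
    default:
        c->dead = 1;             /* caller must free the SSL object and close */
        *got = 0;
        return -1;
    }
}

/* Constructed stand-in for an affected library: the first call fails fatally
 * (handshake error); later calls "succeed" and hand back unprocessed bytes. */
struct fake_tls { int calls; };

enum io_class fake_read(void *ctx, void *buf, size_t len, size_t *got)
{
    struct fake_tls *f = ctx;
    if (f->calls++ == 0)
        return IO_FATAL;
    if (len > 0) ((char *)buf)[0] = 'X';
    *got = len > 0 ? 1 : 0;
    return IO_OK;
}
```

The same latch applies to the write path; upgrading to a fixed OpenSSL release remains the actual remedy.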
Product:
web/server/apache-24
web/server/apache-24/module/apache-ssl
web/server/apache-24/module/apache-ssl-fips-140
web/server/apache-24/module/apache-lua
web/server/apache-24/module/apache-ldap
web/server/apache-24/module/apache-gss
web/server/apache-24/module/apache-dbd
web/java-servlet/tomcat-8
web/java-servlet/tomcat-8/tomcat-examples
web/java-servlet/tomcat-8/tomcat-admin
web/curl
terminal/cssh
terminal/cssh-526
terminal/cssh-522
system/display-manager/gdm
system/display-manager/desktop-startup
runtime/tcl-8/tcl-sqlite-3
mail/thunderbird
mail/thunderbird/plugin/thunderbird-lightning
mail/mailman
library/speech/espeak
library/security/openssl
library/security/openssl/openssl-fips-140
library/python/pyatspi2
library/python/pyatspi2-35
library/python/pyatspi2-34
library/python/pyatspi2-27
library/perl-5/xml-simple
library/perl-5/xml-simple-526
library/perl-5/xml-simple-522
library/perl-5/xml-sax
library/perl-5/xml-sax-base
library/perl-5/xml-sax-base-526
library/perl-5/xml-sax-base-522
library/perl-5/xml-sax-526
library/perl-5/xml-sax-522
library/perl-5/xml-parser
library/perl-5/xml-parser-526
library/perl-5/xml-parser-522
library/perl-5/xml-namespacesupport
library/perl-5/xml-namespacesupport-526
library/perl-5/xml-namespacesupport-522
library/perl-5/xml-libxml
library/perl-5/xml-libxml-526
library/perl-5/xml-libxml-522
library/perl-5/pmtools
library/perl-5/pmtools-526
library/perl-5/pmtools-522
library/perl-5/perl-x11-protocol
library/perl-5/perl-x11-protocol-526
library/perl-5/perl-x11-protocol-522
library/perl-5/perl-tk
library/perl-5/perl-tk-526
library/perl-5/perl-tk-522
library/perl-5/net-ssleay
library/perl-5/net-ssleay-526
library/perl-5/net-ssleay-522
library/perl-5/gettext
library/perl-5/gettext-526
library/perl-5/gettext-522
library/perl-5/dbd-sqlite
library/perl-5/dbd-sqlite-526
library/perl-5/dbd-sqlite-522
library/perl-5/dbd-mysql
library/perl-5/dbd-mysql-526
library/perl-5/dbd-mysql-522
library/perl-5/database
library/perl-5/database-526
library/perl-5/database-522
library/perl-5/authen-pam
library/perl-5/authen-pam-526
library/perl-5/authen-pam-522
library/perl-5/CGI
library/perl-5/CGI-526
library/perl-5/CGI-522
library/liblouis
library/desktop/webkitgtk4
library/desktop/speech-dispatcher
library/desktop/dotconf
image/library/libjpeg
diagnostic/wireshark
diagnostic/wireshark/wireshark-common
diagnostic/wireshark/tshark
database/sqlite-3
database/sqlite-3/documentation
database/mysql-57
database/mysql-57/tests
database/mysql-57/library
database/mysql-57/embedded
database/mysql-57/client
database/mysql-56
database/mysql-56/tests
database/mysql-56/library
database/mysql-56/client
database/mysql-55
database/mysql-55/tests
database/mysql-55/library
database/mysql-55/client