CVE-2015-1791

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.

🔗 References (100)

• secalert@redhathttp://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
• secalert@redhathttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
• secalert@redhathttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
• secalert@redhathttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
• secalert@redhathttp://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
• secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html
• secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• secalert@redhathttp://marc.info/?l=bugtraq&m=143880121627664&w=2