From: Matt Caswell <matt@openssl.org>
Date: Tue, 5 Mar 2024 16:01:20 +0000 (+0000)
Subject: Add a CHANGES.md/NEWS.md entry for the unbounded memory growth bug
X-Git-Tag: openssl-3.0.14~61
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=daee101e39073d4b65a68faeb2f2de5ad7b05c36;p=thirdparty%2Fopenssl.git

Add a CHANGES.md/NEWS.md entry for the unbounded memory growth bug

Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24044)

(cherry picked from commit e32ad41b48c28d82339de064b05d5e269e5aed97)
---

diff --git a/CHANGES.md b/CHANGES.md
index b42dd83bc0e..5590704670f 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,24 @@ breaking changes, and mappings for the large list of deprecated functions.
 
 ### Changes between 3.0.13 and 3.0.14 [xx XXX xxxx]
 
+ * Fixed an issue where some non-default TLS server configurations can cause
+   unbounded memory growth when processing TLSv1.3 sessions. An attacker may
+   exploit certain server configurations to trigger unbounded memory growth that
+   would lead to a Denial of Service
+
+   This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option
+   is being used (but not if early_data is also configured and the default
+   anti-replay protection is in use). In this case, under certain conditions,
+   the session cache can get into an incorrect state and it will fail to flush
+   properly as it fills. The session cache will continue to grow in an unbounded
+   manner. A malicious client could deliberately create the scenario for this
+   failure to force a Denial of Service. It may also happen by accident in
+   normal operation.
+
+   ([CVE-2024-2511])
+
+   *Matt Caswell*
+
  * New atexit configuration switch, which controls whether the OPENSSL_cleanup
    is registered when libcrypto is unloaded. This can be used on platforms
    where using atexit() from shared libraries causes crashes on exit.
@@ -19832,6 +19850,7 @@ ndif
 
 <!-- Links -->
 
+[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
 [CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
 [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
diff --git a/NEWS.md b/NEWS.md
index 11fc8b10b00..a06d9694c14 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,7 +20,8 @@ OpenSSL 3.0
 
 ### Major changes between OpenSSL 3.0.13 and OpenSSL 3.0.14 [under development]
 
-  * none
+  * Fixed unbounded memory growth with session handling in TLSv1.3
+    ([CVE-2024-2511])
 
 ### Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024]
 
@@ -1474,6 +1475,7 @@ OpenSSL 0.9.x
 
 <!-- Links -->
 
+[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
 [CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
 [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129