OpenSSL¤Ë¥µ¡¼¥Ó¥¹±¿ÍÑ˸³²(DoS)¤ÎÀȼåÀ­¡¢¼êÆ°¥¢¥Ã¥×¥Ç¡¼¥È¤¬É¬Í×

JPCERT¥³¡¼¥Ç¥£¥Í¡¼¥·¥ç¥ó¥»¥ó¥¿¡¼(JPCERT/CC: Japan Computer Emergency Response Team Coordination Center)¤Ï¤³¤Î¤Û¤É¡¢¡ÖJVNVU#94875946: OpenSSL¤Ë¤ª¤±¤ë¥µ¡¼¥Ó¥¹±¿ÍÑ˸³²¡ÊDoS¡Ë¤ÎÀȼåÀ­¡ÊSecurity Advisory [16th May 2024]¡Ë¡×¤Ë¤ª¤¤¤Æ¡¢OpenSSL¤Ë¥µ¡¼¥Ó¥¹±¿ÍÑ˸³²(DoS: Denial of Service)¤ÎÀȼåÀ­¤¬Â¸ºß¤¹¤ë¤ÈÅÁ¤¨¤¿¡£

JVNVU#94875946: OpenSSL¤Ë¤ª¤±¤ë¥µ¡¼¥Ó¥¹±¿ÍÑ˸³²¡ÊDoS¡Ë¤ÎÀȼåÀ­¡ÊSecurity Advisory [16th May 2024]¡Ë

¡ûÀȼåÀ­¤Ë´Ø¤¹¤ë¾ðÊó

ÀȼåÀ­¤Ë´Ø¤¹¤ë¾ðÊó¤Ï¼¡¤Î¥Ú¡¼¥¸¤Ë¤Þ¤È¤Þ¤Ã¤Æ¤¤¤ë¡£

openssl.org/news/secadv/20240516.txt

ÀȼåÀ­¤Î¾ðÊó(CVE)¤Ï¼¡¤Î¤È¤ª¤ê¡£

CVE-2024-4603 - Ĺ²á¤®¤ëDSA¸°¤Þ¤¿¤Ï¥Ñ¥é¥á¡¼¥¿¡¼¤Î³Îǧ¤ËÈó¾ï¤Ë»þ´Ö¤¬¤«¤«¤ë¡£¤½¤Î·ë²Ì¡¢¥µ¡¼¥Ó¥¹±¿ÍÑ˸³²¤Ë¤Ä¤Ê¤¬¤ë²ÄǽÀ­¤¬¤¢¤ë

¡ûÀȼåÀ­¤¬Â¸ºß¤¹¤ëÀ½ÉÊ

ÀȼåÀ­¤¬Â¸ºß¤¹¤ëÀ½Éʤª¤è¤Ó¥Ð¡¼¥¸¥ç¥ó¤Ï¼¡¤Î¤È¤ª¤ê¡£

OpenSSL 3.3

OpenSSL 3.2

OpenSSL 3.1

OpenSSL 3.0

OpenSSL 1.1.1¤ª¤è¤Ó1.0.2¤Ï¤³¤ÎÀȼåÀ­¤Î±Æ¶Á¤ò¼õ¤±¤Ê¤¤¡£

¡ûÀȼåÀ­¤¬½¤Àµ¤µ¤ì¤¿À½ÉÊ

ÀȼåÀ­¤¬½¤Àµ¤µ¤ì¤¿À½Éʤª¤è¤Ó¥Ð¡¼¥¸¥ç¥ó¤Ï¼¡¤Î¤È¤ª¤ê¡£

OpenSSL 3.3 commit 53ea0648

OpenSSL 3.2 commit da343d06

OpenSSL 3.1 commit 9c39b385

OpenSSL 3.0 commit 3559e868

OpenSSL¤Î³«È¯¼Ô¤ÏÀȼåÀ­¤Î¿¼¹ïÅÙ¤òÄ㤤¤Èɾ²Á¤·¤Æ¤ª¤ê¡¢¶ÛµÞ¤Î½¤Àµ¥Ñ¥Ã¥Á¤òÄ󶡤·¤Æ¤¤¤Ê¤¤¡£±Æ¶Á¤ò¼õ¤±¤ë¥·¥¹¥Æ¥à¤ò±¿ÍѤ·¤Æ¤ª¤ê®¤ä¤«¤ËÂкö¤·¤¿¤¤¾ì¹ç¤Ï¡¢GitHub¥ê¥Ý¥¸¥È¥ê¤«¤é¾åµ­¤Î½¤ÀµÈÇ¥½¡¼¥¹¥³¡¼¥É¤ò¼èÆÀ¤·¡¢¼êÆ°¤Ç¥¢¥Ã¥×¥Ç¡¼¥È¤¹¤ëɬÍפ¬¤¢¤ë¡£