GHSA-rp9h-rf7g-hwgr: s2n-tls has undefined behavior at process exit

November 14, 2024

s2n-tls uses the Linux atexit function to register functions that clean up the global state when the process exits. In multi-threaded environments, the atexit handler may clean up state which is still in use by other threads. When this occurs, the exiting process may experience a segmentation fault or other undefined behavior.

Customers of AWS services do not need to take action. Applications using s2n-tls should upgrade to the most recent release of s2n-tls.

Impacted versions: < v1.5.9.

References

  • github.com/advisories/GHSA-rp9h-rf7g-hwgr
  • github.com/aws/s2n-tls
  • github.com/aws/s2n-tls/commit/493b77167dc367c394de23cfe78a029298e2a254
  • github.com/aws/s2n-tls/releases/tag/v1.5.9
  • github.com/aws/s2n-tls/security/advisories/GHSA-rp9h-rf7g-hwgr

Affected versions

All versions before 0.3.7

Fixed versions

  • 0.3.7

Solution

Upgrade to version 0.3.7 or above.
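
A lockfile check for the affected range above, added here as an example and not part of the advisory or of GitLab Dependency Scanning: it scans `Cargo.lock` text for `s2n-tls` entries below 0.3.7, treating a pre-release of 0.3.7 as still affected. The sample lockfile and the function names are constructed for illustration.

```python
import re

FIXED = (0, 3, 7)   # first fixed s2n-tls crate version, per this advisory
CRATE = "s2n-tls"

# Constructed sample lockfile (not from a real project). The s2n-tls-sys
# entry is only there to show that crate names are matched exactly.
SAMPLE_LOCK = '''
version = 3

[[package]]
name = "s2n-tls"
version = "0.3.4"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "s2n-tls-sys"
version = "0.3.4"

[[package]]
name = "s2n-tls"
version = "0.3.7"
'''

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for a Cargo version string."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4) is not None

def is_affected(version):
    core, prerelease = parse_version(version)
    # Under SemVer a pre-release of the fixed version sorts before it.
    return core < FIXED or (core == FIXED and prerelease)

def affected_entries(lock_text):
    """List every locked s2n-tls version that is below the fixed release."""
    hits = []
    for block in lock_text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        ver = re.search(r'^version = "([^"]+)"', block, re.M)
        if name and ver and name.group(1) == CRATE and is_affected(ver.group(1)):
            hits.append(ver.group(1))
    return hits

if __name__ == "__main__":
    for v in affected_entries(SAMPLE_LOCK):
        print(f"{CRATE} {v}: affected by GHSA-rp9h-rf7g-hwgr, upgrade to 0.3.7 or above")
```

A lockfile can pin more than one version of the same crate, so the function returns every affected entry instead of stopping at the first.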

Source file

cargo/s2n-tls/GHSA-rp9h-rf7g-hwgr.yml


Page generated Wed, 14 May 2025 12:15:21 +0000.