yaSSL 1.7.5 and previous versions, as used in MySQL and possibly other products, allows remote malicious users to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yassl yassl |