Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f up to and including 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote malicious users to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
Vulnerable Product |
---|
openssl openssl 0.9.8m |
openssl openssl 0.9.8n |
openssl openssl 0.9.8g |
openssl openssl 0.9.8k |
openssl openssl 0.9.8j |
openssl openssl 0.9.8l |
openssl openssl 1.0.0 |
openssl openssl 0.9.8o |
openssl openssl 0.9.8i |
openssl openssl 0.9.8f |
openssl openssl 1.0.0a |
openssl openssl 0.9.8h |