The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 prior to 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openssl openssl 1.0.1 |
||
openssl openssl 1.0.1c |
||
openssl openssl 1.0.1a |
||
openssl openssl 1.0.1d |
||
openssl openssl 1.0.1b |
||
openssl openssl 1.0.1e |