The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 prior to 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openssl openssl 1.0.1 |
||
openssl openssl 1.0.1h |
||
openssl openssl 1.0.1c |
||
openssl openssl 1.0.1g |
||
openssl openssl 1.0.1a |
||
openssl openssl 1.0.1d |
||
openssl openssl 1.0.1b |
||
openssl openssl 1.0.1e |
||
openssl openssl 1.0.1f |