Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 prior to 1.0.0p and 1.0.1 prior to 1.0.1k allows remote malicious users to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openssl openssl 1.0.0e |
||
openssl openssl 1.0.0f |
||
openssl openssl 1.0.0n |
||
openssl openssl 1.0.0o |
||
openssl openssl 1.0.1d |
||
openssl openssl 1.0.1c |
||
openssl openssl 1.0.0a |
||
openssl openssl 1.0.0b |
||
openssl openssl 1.0.0i |
||
openssl openssl 1.0.0j |
||
openssl openssl 1.0.0k |
||
openssl openssl 1.0.1h |
||
openssl openssl 1.0.1g |
||
openssl openssl 1.0.0c |
||
openssl openssl 1.0.0d |
||
openssl openssl 1.0.0l |
||
openssl openssl 1.0.0m |
||
openssl openssl 1.0.1f |
||
openssl openssl 1.0.1e |
||
openssl openssl 1.0.0g |
||
openssl openssl 1.0.0h |
||
openssl openssl 1.0.1j |
||
openssl openssl 1.0.1i |
||
openssl openssl 1.0.1b |
||
openssl openssl 1.0.1a |
New fixes repair DOS, authentication flaws
OpenSSL has squashed eight low severity vulnerabilities bugs that could result in denial of service or the removal of forward secrecy. The holes, two graded "moderate", were addressed in OpenSSL updates 1.0.0p, 0.98zd, and 1.0.1k. Maintainers wrote in an advisory that Cisco warned last October that a crafted Datagram Transport Layer Security (DTLS) message could trigger a segmentation fault due (CVE-2014-3571) to a NULL pointer dereference. Another bug (CVE-2015-0206) spotted by researcher Chris...