projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7634394) | patch
Fix DHE Null CKE vulnerability
authorMatt Caswell <matt@openssl.org>
Tue, 10 Mar 2015 16:38:32 +0000 (16:38 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 19 Mar 2015 12:58:35 +0000 (12:58 +0000)
commitb19d8143212ae5fbc9cebfd51c01f802fabccd33
treeec733424fac399d50a9303b0c64100db3cce63fdtree | snapshot
parent76343947ada960b6269090638f5391068daee88dcommit | diff
Fix DHE Null CKE vulnerability

If client auth is used then a server can seg fault in the event of a DHE
cipher being used and a zero length ClientKeyExchange message being sent
by the client. This could be exploited in a DoS attack.

CVE-2015-1787

Reviewed-by: Richard Levitte <levitte@openssl.org>
ssl/s3_srvr.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.