projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 34e3edb) | patch
Fix DHE Null CKE vulnerability
authorMatt Caswell <matt@openssl.org>
Tue, 10 Mar 2015 16:38:32 +0000 (16:38 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 19 Mar 2015 13:01:13 +0000 (13:01 +0000)
commitd3cc5e610d1719a35cda52c9152134b490a8c944
treee8f888b240b8e2b8e2e5ed013e3c5e1d71c57d8ftree | snapshot
parent34e3edbf3a10953cb407288101fd56a629af22f9commit | diff
Fix DHE Null CKE vulnerability

If client auth is used then a server can seg fault in the event of a DHE
cipher being used and a zero length ClientKeyExchange message being sent
by the client. This could be exploited in a DoS attack.

CVE-2015-1787

Reviewed-by: Richard Levitte <levitte@openssl.org>
ssl/s3_srvr.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.