ELSA-2014-1052 -- Oracle openssl
| ID: oval:org.secpod.oval:def:1500684 | Date: (C)2014-08-26 (M)2017-11-16 |
| Class: PATCH | Family: unix |
A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.