[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110139

 
 

909

 
 

85964

 
 

136

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2014-427 ---- openssl

ID: oval:org.secpod.oval:def:1600169Date: (C)2016-01-19   (M)2018-05-06
Class: PATCHFamily: unix




A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could beconfigured to send them

Platform:
Amazon Linux AMI
Product:
openssl
Reference:
ALAS-2014-427
CVE-2014-3513
CVE-2014-3568
CVE-2014-3567
CVE    3
CVE-2014-3568
CVE-2014-3567
CVE-2014-3513
CPE    36
cpe:/a:openssl:openssl:0.9.8zb
cpe:/a:openssl:openssl:1.0.1i
cpe:/a:openssl:openssl:1.0.1h
cpe:/a:openssl:openssl:1.0.1e
...

© SecPod Technologies