[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2014-427 ---- openssl

ID: oval:org.secpod.oval:def:1600169Date: (C)2016-01-19   (M)2017-11-16
Class: PATCHFamily: unix




A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could beconfigured to send them

Platform:
Amazon Linux AMI
Product:
openssl
Reference:
ALAS-2014-427
CVE-2014-3513
CVE-2014-3568
CVE-2014-3567
CVE    3
CVE-2014-3513
CVE-2014-3567
CVE-2014-3568
CPE    36
cpe:/a:openssl:openssl
cpe:/o:amazon:linux
cpe:/a:openssl:openssl:1.0.0h
cpe:/a:openssl:openssl:1.0.0g
...

© 2013 SecPod Technologies