ALAS-2014-427 ---- openssl
ID: oval:org.secpod.oval:def:1600169 | Date: (C)2016-01-19 (M)2023-11-10 |
Class: PATCH | Family: unix |
A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. A memory leak flaw was found in the way OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete an SSL 3.0 handshake, and clients could be configured to send them.
Platform: |
Amazon Linux AMI |