CVE-2014-3569CVE-2014-3569

Affected configuration(s):

cpe:/a:openssl:openssl:1.0.1j

Date published: 2014-12-24T06:59:00.057-05:00

Date last modified: 2017-11-14T21:29:05.127-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679

Summary: The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *