Date published: 2014-12-24T06:59:00.057-05:00
Date last modified: 2017-11-14T21:29:05.127-05:00
CVSS Score: 5.0
Principal attack vector: NETWORK
Reference URL: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679
Summary: The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.