« List of all CVEs

CVE-2015-1787

Published: 3/19/2015 Last updated: 8/6/2024 Reserved: 2/17/2015

The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (6)

conf-libcurl conf-libssl conf-mingw-w64-openssl-i686 conf-mingw-w64-openssl-x86_64 conf-openssl conf-srt-openssl

Products affected (1)

Product	Vendor	Version
n/a	n/a	< a9b4599665e437de8a1152799c34841b799a2e1c

References (68)