Уязвимость CVE-2014-5139: Информация

Описание

The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.

Важность: MEDIUM (4,3)

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

1. Подверженные конфигурации:

   1. Конфигурация 1

      cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*

      ---