Skip to main content
Revision 83764a989dcc87fbea337da5f8f86806fe767b7e authored by Dr. Stephen Henson on 29 July 2014, 20:23:30 UTC, committed by Matt Caswell on 06 August 2014, 19:27:51 UTC
Fix SRP ciphersuite DoS vulnerability.
If a client attempted to use an SRP ciphersuite and it had not been
set up correctly it would crash with a null pointer read. A malicious
server could exploit this in a DoS attack.

Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon
for reporting this issue.

CVE-2014-5139
Reviewed-by: Tim Hudson <tjh@openssl.org>
1 parent 86788e1
History
FileModeSize
.cvsignore -rw-r--r--23 bytes
back to top