Fix SRP ciphersuite DoS vulnerability.
author Dr. Stephen Henson <steve@openssl.org>
Tue, 29 Jul 2014 20:23:30 +0000 (21:23 +0100)
committer Janusz Kozerski <j.kozerski@samsung.com>
Mon, 20 Oct 2014 13:25:33 +0000 (15:25 +0200)
commit ba46e724eb1e0dc190edece2a86240da16b40c0d
tree e901eafad0cdb502ec05729d723805df84bd91d6
parent b2f0028957075125d8ee225750c9975d7ee3dae0
Fix SRP ciphersuite DoS vulnerability.

If a client attempted to use an SRP ciphersuite and it had not been
set up correctly it would crash with a null pointer read. A malicious
server could exploit this in a DoS attack.

Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon
for reporting this issue.

CVE-2014-5139
Reviewed-by: Tim Hudson <tjh@openssl.org>
ssl/s3_clnt.c
ssl/ssl_lib.c