OpenSSL ssl23_get_client_hello Function DoS Vulnerability
Release date:
Updated on:
Affected Systems:
OpenSSL Project OpenSSL 1.0.1j
Description:
CVE (CAN) ID: CVE-2014-3569
OpenSSL is an open-source SSL implementation that provides high-strength encryption for network communication. It is widely used in network applications.
In OpenSSL 1.0.1j, the ssl23_get_client_hello function in s23_srvr.c does not properly handle requests that use unsupported protocols. A remote attacker can exploit this to cause a denial of service (DoS) through an unexpected handshake.
<* Source: Vasyl Kaigorodov
*>
Suggestion:
Vendor patch:
OpenSSL Project
---------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://rt.openssl.org/Ticket/Display.html?id=3571&user=guest&pass=guest
https://git.openssl.org/gitweb?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5
https://git.openssl.org/gitweb?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b
https://git.openssl.org/gitweb?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d