  1. Bitbucket Cloud
  2. BCLOUD-11149

then a server can seg fault in the event of a DHE


      Description

      If client auth is used then a server can seg fault in the event of a DHE
      ciphersuite being selected and a zero length ClientKeyExchange message being
      sent by the client. This could be exploited in a DoS attack.

      This issue affects OpenSSL version: 1.0.2

      OpenSSL 1.0.2 users should upgrade to 1.0.2a.

      This issue was discovered and the fix was developed by Matt Caswell of the
      OpenSSL development team.
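
The failure mode described above is a handshake parser that reads fields from a message body that is empty. The following C sketch is an added example, not code from OpenSSL or from this issue, and it is not the fix shipped in 1.0.2a; it shows the length checks a DHE ClientKeyExchange parser needs before touching the client's public value. The names `parse_dhe_cke` and `cke_status` are hypothetical, and the field layout assumed is the RFC 5246 one (`opaque dh_Yc<1..2^16-1>`).

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes for this added example (hypothetical names). */
enum cke_status { CKE_OK = 0, CKE_EMPTY, CKE_TRUNCATED, CKE_BAD_LENGTH };

/*
 * Parse the body of a DHE ClientKeyExchange handshake message.
 * Assumed layout (RFC 5246): a 2-byte big-endian length followed by
 * that many bytes of the client's DH public value (dh_Yc).
 * On success *yc and *yc_len describe the public value inside body.
 */
enum cke_status parse_dhe_cke(const uint8_t *body, size_t body_len,
                              const uint8_t **yc, size_t *yc_len)
{
    *yc = NULL;
    *yc_len = 0;

    /* Zero-length message: there is not even a length prefix to read. */
    if (body == NULL || body_len == 0)
        return CKE_EMPTY;
    if (body_len < 2)
        return CKE_TRUNCATED;

    size_t declared = ((size_t)body[0] << 8) | body[1];

    /* dh_Yc must be non-empty and must fill the message exactly. */
    if (declared == 0 || declared != body_len - 2)
        return CKE_BAD_LENGTH;

    *yc = body + 2;
    *yc_len = declared;
    return CKE_OK;
}

int main(void)
{
    /* Constructed sample: length 0x0002 followed by two value bytes. */
    static const uint8_t sample[] = { 0x00, 0x02, 0x12, 0x34 };
    const uint8_t *yc;
    size_t n;
    return parse_dhe_cke(sample, sizeof sample, &yc, &n) == CKE_OK ? 0 : 1;
}
```

A caller that gets anything other than `CKE_OK` should abort the handshake with an alert instead of continuing to key derivation.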


            People

            Assignee:
            2a8dbfc1f20c csomme
            Reporter:
            Anonymous