Details
-
Suggestion
-
Resolution: Invalid
Description
If client auth is used then a server can seg fault in the event of a DHE
ciphersuite being selected and a zero length ClientKeyExchange message being
sent by the client. This could be exploited in a DoS attack.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a.
This issue was discovered and the fix was developed by Matt Caswell of the
OpenSSL development team.