  1. Bitbucket Cloud
  2. BCLOUD-11149

then a server can seg fault in the event of a DHE



    Description

      If client auth is used then a server can seg fault in the event of a DHE
      ciphersuite being selected and a zero length ClientKeyExchange message being
      sent by the client. This could be exploited in a DoS attack.

      This issue affects OpenSSL version: 1.0.2

      OpenSSL 1.0.2 users should upgrade to 1.0.2a.

      This issue was discovered and the fix was developed by Matt Caswell of the
      OpenSSL development team.
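The failure mode in the description is a handshake message body of length zero reaching code that expects key material. The following is an added example, not OpenSSL's code or its fix: a length-validating parser for the Diffie-Hellman ClientKeyExchange body as laid out in RFC 5246 section 7.4.7.2 (a 2-byte length followed by `dh_Yc`, or an empty body when the public value is implicit in a fixed-DH client certificate). The function name, status codes and the `suite_is_dhe` flag are hypothetical, and rejecting an empty body under DHE is this example's policy.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes for this example (hypothetical names). */
enum cke_status {
    CKE_OK = 0,
    CKE_EMPTY_WITH_DHE,  /* zero-length body although an ephemeral DH suite is in use */
    CKE_IMPLICIT_YC,     /* empty body, Yc is taken from a fixed-DH client certificate */
    CKE_TRUNCATED,       /* fewer than 2 bytes: no room for the length prefix */
    CKE_LENGTH_MISMATCH, /* prefix disagrees with the bytes actually received */
    CKE_EMPTY_YC         /* prefix present but declares a zero-length Yc */
};

/*
 * Validate the body of a Diffie-Hellman ClientKeyExchange before any key
 * material is touched. Explicit form on the wire: uint16 length || dh_Yc.
 * On CKE_OK, *yc and *yc_len describe the public value inside `body`;
 * on every other result they are NULL and 0.
 */
enum cke_status parse_dh_cke(const uint8_t *body, size_t n, int suite_is_dhe,
                             const uint8_t **yc, size_t *yc_len)
{
    *yc = NULL;
    *yc_len = 0;

    if (n == 0) {
        /* The case from the description: nothing to parse. This example
         * fails the handshake for DHE instead of falling through to code
         * that assumes a client public value is available. */
        return suite_is_dhe ? CKE_EMPTY_WITH_DHE : CKE_IMPLICIT_YC;
    }
    if (body == NULL || n < 2)
        return CKE_TRUNCATED;

    size_t declared = ((size_t)body[0] << 8) | body[1];
    if (declared == 0)
        return CKE_EMPTY_YC;
    if (declared != n - 2)
        return CKE_LENGTH_MISMATCH;

    *yc = body + 2;
    *yc_len = declared;
    return CKE_OK;
}
```

A caller would map every status other than `CKE_OK` and `CKE_IMPLICIT_YC` to a fatal handshake alert.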


          People

            2a8dbfc1f20c csomme
            Anonymous Anonymous
