OpenSSL SSLv2 Null Pointer Dereference Client DoS
Schweregrad:: Mittel
CVE Kennungen:: CVE-2006-4343
Hinweisdatum: 21 Juli 2015
Beschreibung
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
Trend Micro Lösungen
This vulnerability is addressed in the following product releases:
OpenSSL Project, OpenSSL, 0.9.7l (or later)
OpenSSL Project, OpenSSL, 0.9.8d (or later)
Lösungen
Trend Micro Deep Security DPI Rule Number: 1001262
Trend Micro Deep Security DPI Rule Name: 1001262 - OpenSSL SSLv2 Null Pointer Dereference Client DoS
Betroffene Software und Version:
- OpenSSL Project OpenSSL 0.9.7
- OpenSSL Project OpenSSL 0.9.7a
- OpenSSL Project OpenSSL 0.9.7b
- OpenSSL Project OpenSSL 0.9.7c
- OpenSSL Project OpenSSL 0.9.7d
- OpenSSL Project OpenSSL 0.9.7e
- OpenSSL Project OpenSSL 0.9.7f
- OpenSSL Project OpenSSL 0.9.7g
- OpenSSL Project OpenSSL 0.9.7h
- OpenSSL Project OpenSSL 0.9.7i
- OpenSSL Project OpenSSL 0.9.7j
- OpenSSL Project OpenSSL 0.9.7k
- OpenSSL Project OpenSSL 0.9.8
- OpenSSL Project OpenSSL 0.9.8a
- OpenSSL Project OpenSSL 0.9.8b
- OpenSSL Project OpenSSL 0.9.8c