OpenSSL SSLv2 Null Pointer Dereference Client DoS
Publish Date: 21 luglio 2015
Gravità: : Medio
Identificatori CVE: CVE-2006-4343
Data notifica: 21 luglio 2015
Descrizione
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
Informazioni esposizione:
This vulnerability is addressed in the following product releases:
OpenSSL Project, OpenSSL, 0.9.7l (or later)
OpenSSL Project, OpenSSL, 0.9.8d (or later)
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1001262
Trend Micro Deep Security DPI Rule Name: 1001262 - OpenSSL SSLv2 Null Pointer Dereference Client DoS
Software e versione interessati:
- OpenSSL Project OpenSSL 0.9.7
- OpenSSL Project OpenSSL 0.9.7a
- OpenSSL Project OpenSSL 0.9.7b
- OpenSSL Project OpenSSL 0.9.7c
- OpenSSL Project OpenSSL 0.9.7d
- OpenSSL Project OpenSSL 0.9.7e
- OpenSSL Project OpenSSL 0.9.7f
- OpenSSL Project OpenSSL 0.9.7g
- OpenSSL Project OpenSSL 0.9.7h
- OpenSSL Project OpenSSL 0.9.7i
- OpenSSL Project OpenSSL 0.9.7j
- OpenSSL Project OpenSSL 0.9.7k
- OpenSSL Project OpenSSL 0.9.8
- OpenSSL Project OpenSSL 0.9.8a
- OpenSSL Project OpenSSL 0.9.8b
- OpenSSL Project OpenSSL 0.9.8c