Critical vulnerability in OpenSSL 1.1.0a allows crashing the system


Description: Multiple vulnerabilities were reported in OpenSSL. A remote user can cause the target service or application to crash.

A remote user can send a specially crafted SHA512 TLS session ticket to trigger an out-of-bounds memory read error and cause the target server to crash.

Solution: The vendor has issued a fix (1.0.1u, 1.0.2i, 1.1.0a).

Affected versions: All before 1.0.1u, 1.0.2i and 1.1.0a

Recommended action: Upgrade to the latest possible version
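To check hosts against the fixed releases listed above, the following added example (not part of the original advisory or of OpenSSL) parses a version string in the format printed by `openssl version` and reports whether it is older than the fix for its branch. The function names and the sample strings are assumptions made for this illustration.

```python
import re

# Fixed release per branch, taken from the "Solution" line of this advisory.
FIXED = {(1, 0, 1): "u", (1, 0, 2): "i", (1, 1, 0): "a"}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Return ((major, minor, fix), patch_letters) from a string such as
    'OpenSSL 1.0.2h  3 May 2016' or '1.0.1t'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4)


def _letter_key(letters):
    # Patch letters order as '' < 'a' < ... < 'z' < 'za' < 'zb' ...
    return (len(letters), letters)


def needs_upgrade(text):
    """True if the version is before the fixed release of its branch.

    Caveat: distribution packages often backport fixes without changing
    the upstream version string, so True means "check the package
    changelog", not proof that the build is unpatched.
    """
    branch, letters = parse_version(text)
    if branch in FIXED:
        return _letter_key(letters) < _letter_key(FIXED[branch])
    # No fixed release is listed for other branches: anything older than
    # 1.0.1 is "before" the fixes, anything newer than 1.1.0 is not.
    return branch < (1, 0, 1)


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from real hosts.
    for sample in ("OpenSSL 1.0.2h  3 May 2016", "OpenSSL 1.0.1u",
                   "OpenSSL 1.1.0", "OpenSSL 0.9.8zh", "OpenSSL 1.0.2k-fips"):
        print(f"{sample!r}: needs upgrade = {needs_upgrade(sample)}")
```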

Origin URLs:

  • https://www.openssl.org/news/secadv/20160922.txt
  • https://www.openssl.org/news/secadv/20160926.txt
  • http://securitytracker.com/id/1036885
  • http://www.opennet.ru/opennews/art.shtml?num=45215