CVE-2014-3470
CVE-2014-3470
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://secunia.com/advisories/59342http://secunia.com/advisories/59669http://secunia.com/advisories/59525http://www-01.ibm.com/support/docview.wss?uid=swg21675626http://secunia.com/advisories/59282http://www.novell.com/support/kb/doc.php?id=7015300http://secunia.com/advisories/59990http://secunia.com/advisories/59264http://secunia.com/advisories/59126http://www.novell.com/support/kb/doc.php?id=7015264http://secunia.com/advisories/59306http://www-01.ibm.com/support/docview.wss?uid=swg21678289