The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | openssl | 2014-06-04 15:45 | ALAS-2014-349 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:N/A:P |
NVD | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:N/A:P |