CVE-2015-0291

2015-03-19T22:59:00
ID CVE-2015-0291
Type cve
Reporter cve@mitre.org
Modified 2018-11-29T14:48:00

Description

The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation. <a href="http://cwe.mitre.org/data/definitions/476.html" rel="nofollow">CWE-476: NULL Pointer Dereference</a>