OpenSSL vulnerability CVE-2015-0206

2015-02-13T00:32:00
ID F5:K16124
Type f5
Reporter f5
Modified 2016-01-09T02:19:00

Description

Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. (CVE-2015-0206)

Impact

Remote attackers may be able to cause a denial-of-service (DoS) by way of crafted Datagram Transport Layer Security (DTLS) packets.

If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.

F5 is responding to this vulnerability as determined by the parameters defined in K4602: Overview of the F5 security vulnerability response policy.

To mitigate this vulnerability, you can perform the following tasks: