Vulnerability in OpenSSL CVE-2013-4353

2014-01-06T00:00:00
ID OPENSSL:CVE-2013-4353
Type openssl
Reporter OpenSSL
Modified 2014-01-06T00:00:00

Description

A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A malicious server could use this flaw to crash a connecting client. This issue only affected OpenSSL 1.0.1 versions. Reported by Anton Johansson.
  • Fixed in OpenSSL 1.0.1f (git commit) (Affected 1.0.1-1.0.1e)