Vulnerability in OpenSSL (CVE-2014-3509)

ID OPENSSL:CVE-2014-3509
Type openssl
Reporter OpenSSL
Modified 2014-08-06T00:00:00


A race condition was found in ssl_parse_serverhello_tlsext. If a multithreaded client connects to a malicious server using a resumed session and the server sends an EC point format extension, the client could write up to 255 bytes to freed memory. Reported by Gabor Tyukasz (LogMeIn Inc).
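
The pattern behind this kind of race, as a simplified C model added here for illustration: it is not OpenSSL's source, and the struct and function names are hypothetical. It assumes the resumed session object is shared between threads, and contrasts a handler that always rewrites the shared list with one that treats a resumed session as read-only.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model; these are not OpenSSL's structures. */
struct session {            /* shared by every connection that resumes it */
    unsigned char *ecpf;    /* EC point format list from the ServerHello */
    size_t ecpf_len;
};
struct conn {
    struct session *sess;
    int resumed;            /* nonzero when this handshake resumed sess */
};

/* Unsafe pattern: every handshake frees and reallocates the list inside the
 * shared session. If threads A and B resume the same session, B's free() can
 * land between A's malloc() and A's memcpy(), so A copies up to 255 bytes
 * (the list carries a one-byte length) into freed memory. */
int parse_ecpf_unsafe(struct conn *c, const unsigned char *list, size_t len)
{
    if (len == 0 || len > 255) return -1;
    c->sess->ecpf_len = 0;
    free(c->sess->ecpf);
    if ((c->sess->ecpf = malloc(len)) == NULL) return -1;
    c->sess->ecpf_len = len;
    memcpy(c->sess->ecpf, list, len);
    return 0;
}

/* Guarded pattern: a resumed session may be in use by other threads, so it
 * is treated as read-only and only a fresh session is written to. */
int parse_ecpf_guarded(struct conn *c, const unsigned char *list, size_t len)
{
    if (len == 0 || len > 255) return -1;
    if (c->resumed) return 0;   /* leave the shared buffer untouched */
    return parse_ecpf_unsafe(c, list, len);
}

int main(void)
{
    unsigned char sent[] = {0, 1, 2};          /* constructed extension body */
    struct session s = {NULL, 0};
    struct conn fresh = {&s, 0}, again = {&s, 1};
    parse_ecpf_guarded(&fresh, sent, 3);       /* full handshake stores the list */
    unsigned char *before = s.ecpf;
    parse_ecpf_guarded(&again, sent, 1);       /* resumption must not touch it */
    int ok = (before == s.ecpf);
    free(s.ecpf);
    return ok ? 0 : 1;
}
```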