Vulnerability in OpenSSL - Race condition in ssl_parse_serverhello_tlsext

ID OPENSSL:CVE-2014-3509
Type openssl
Reporter OpenSSL
Modified 2014-08-06T00:00:00


A race condition was found in ssl_parse_serverhello_tlsext. If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension, it could write up to 255 bytes to freed memory. Reported by Gabor Tyukasz (LogMeIn Inc).
  • Fixed in OpenSSL 1.0.1i (Affected 1.0.1-1.0.1h)
  • Fixed in OpenSSL 1.0.0n (Affected 1.0.0-1.0.0m)