Vulnerability in OpenSSL (CVE-2014-3509)

2014-08-06T00:00:00
ID OPENSSL:CVE-2014-3509
Type openssl
Reporter OpenSSL
Modified 2014-08-06T00:00:00

Description

A race condition was found in ssl_parse_serverhello_tlsext. If a multithreaded client connects to a malicious server using a resumed session and the server sends an EC point format extension, the client could write up to 255 bytes to freed memory. Reported by Gabor Tyukasz (LogMeIn Inc).