Vulnerability in OpenSSL (CVE-2014-5139)

2014-08-06T00:00:00
ID OPENSSL:CVE-2014-5139
Type openssl
Reporter OpenSSL
Modified 2014-08-06T00:00:00

Description

A crash was found affecting SRP ciphersuites used in a Server Hello message. The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This could lead to a Denial of Service. Reported by Joonas Kuorilehto and Riku Hietamäki (Codenomicon).