Vulnerability in OpenSSL (CVE-2015-0291)

2015-03-19T00:00:00
ID OPENSSL:CVE-2015-0291
Type openssl
Reporter OpenSSL
Modified 2015-03-19T00:00:00

Description

ClientHello sigalgs DoS. If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension, a NULL pointer dereference will occur. This can be exploited in a denial-of-service (DoS) attack against the server. Reported by David Ramos (Stanford University) on 26th February 2015.