2 matches found
openssl: SRTP memory leak causes crash when using specially-crafted handshake message
A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol SRTP extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server...
UBUNTU-CVE-2014-3506
d1both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service memory consumption via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values...