OpenSSL 'multi-block' Feature Denial of Service Vulnerability

OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. A denial of service vulnerability exists in OpenSSL version 1.0.2 on 64-bit x86 platforms that support AES NI. The vulnerability is...

PT-2015-1686 · Openssl +1 · Openssl +3

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.2 through 1.0.2a Description: The issue is related to the multi-block feature in the ssl3 write bytes function, which does not properly handle certain non-blocking I/O cases. This can allow remote attackers to cause a...

CVE-2015-0290

The multi-block feature in the ssl3writebytes function in s3pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service pointer corruption and application crash...