4 matches found
K15541: OpenSSL vulnerability CVE-2014-3509
Security Advisory Description: Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service memory overwrite and client...
boringssl: Incorrect-function-pointer-type in bssl::ext_npn_parse_serverhello
Project: https://boringssl.googlesource.com/boringssl Detailed report: https://oss-fuzz.com/testcase?key=6121765925289984 Project: boringssl Fuzzer: libFuzzer_boringssl_client Fuzz target binary: client Job Type: libfuzzer_ubsan_boringssl Platform Id: linux Crash Type: Incorrect-function-pointer-type...
Race condition
Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service memory overwrite and client application crash or possibly have...
Vulnerability in OpenSSL - Race condition in ssl_parse_serverhello_tlsext
A race condition was found in ssl_parse_serverhello_tlsext. If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension, it could write up to 255 bytes to freed memory. Found by Gabor Tyukasz LogMeIn Inc...