SSLv2.Null.Pointer.Dereference.Client.DoS
Description
This indicates an attempt to exploit a null-pointer dereference vulnerability in OpenSSL.
The vulnerability is caused by an error in the get_server_hello function, in the SSLv2 client code. It allows remote attackers to crash the SSL client.
Affected Products
OpenSSL Project OpenSSL 0.9.8 c
OpenSSL Project OpenSSL 0.9.8 b
OpenSSL Project OpenSSL 0.9.8 a
OpenSSL Project OpenSSL 0.9.8
OpenSSL Project OpenSSL 0.9.7 k
OpenSSL Project OpenSSL 0.9.7 j
OpenSSL Project OpenSSL 0.9.7 i
OpenSSL Project OpenSSL 0.9.7 h
OpenSSL Project OpenSSL 0.9.7 g
OpenSSL Project OpenSSL 0.9.7 f
OpenSSL Project OpenSSL 0.9.7 e
OpenSSL Project OpenSSL 0.9.7 d
OpenSSL Project OpenSSL 0.9.7 c
OpenSSL Project OpenSSL 0.9.7 beta3
OpenSSL Project OpenSSL 0.9.7 beta2
OpenSSL Project OpenSSL 0.9.7 beta1
OpenSSL Project OpenSSL 0.9.7 b
OpenSSL Project OpenSSL 0.9.7 a
OpenSSL Project OpenSSL 0.9.7
OpenSSL Project OpenSSL 0.9.6 m
OpenSSL Project OpenSSL 0.9.6 l
OpenSSL Project OpenSSL 0.9.6 k
OpenSSL Project OpenSSL 0.9.6 j
OpenSSL Project OpenSSL 0.9.6 i
OpenSSL Project OpenSSL 0.9.6 h
OpenSSL Project OpenSSL 0.9.6 g
OpenSSL Project OpenSSL 0.9.6 f
OpenSSL Project OpenSSL 0.9.6 e
OpenSSL Project OpenSSL 0.9.6 d
OpenSSL Project OpenSSL 0.9.6 c
OpenSSL Project OpenSSL 0.9.6 b-36.8
OpenSSL Project OpenSSL 0.9.6 b
OpenSSL Project OpenSSL 0.9.6 a
OpenSSL Project OpenSSL 0.9.6
OpenSSL Project OpenSSL 0.9.5 a
OpenSSL Project OpenSSL 0.9.5
OpenSSL Project OpenSSL 0.9.4
OpenSSL Project OpenSSL 0.9.3
OpenSSL Project OpenSSL 0.9.2 b
OpenSSL Project OpenSSL 0.9.1 c
Impact
Denial of service
Recommended Actions
Upgrade to the latest version, available from the following web site:
http://www.openssl.org/source/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-01-11 | 16.995 |