OpenSSL.Server.Name.Extension.DoS
Description
This indicates an attempt to exploit a memory access vulnerability in the OpenSSL server.
The OpenSSL server in a vulnerable system does not properly validate the server name extension received in the 'Hello' packet from a client. A remote attacker could send a specially crafted 'Hello' packet, which contains \x00 as the server name extension, to the OpenSSL server on a vulnerable system. This causes a memory access error in the OpenSSL server, leading to a crash and a denial of service.
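A server-side parser that validates the server name extension before using it, shown as an added example (not OpenSSL's code and not part of the original entry). It follows the ServerNameList layout from RFC 6066; the function name, error codes and sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical names for this example; not OpenSSL identifiers. */
enum { SNI_OK = 0, SNI_TRUNCATED = -1, SNI_BAD_LENGTH = -2,
       SNI_BAD_NAME = -3, SNI_DUPLICATE = -4, SNI_NO_HOST = -5 };
static size_t rd16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }
/* Parse server_name extension_data (RFC 6066 ServerNameList) into out.
 * Each length field is checked against the bytes left before any read. */
int sni_parse(const uint8_t *ext, size_t ext_len, char *out, size_t out_cap)
{
    int found = 0;
    if (ext_len < 2) return SNI_TRUNCATED;      /* no room for list length */
    size_t left = rd16(ext);
    if (left != ext_len - 2 || left < 3) return SNI_BAD_LENGTH;
    const uint8_t *p = ext + 2;
    while (left > 0) {
        if (left < 3) return SNI_TRUNCATED;     /* name_type + 16-bit length */
        uint8_t type = p[0];
        size_t name_len = rd16(p + 1);
        p += 3; left -= 3;
        if (name_len == 0 || name_len > left) return SNI_BAD_LENGTH;
        if (type == 0) {                        /* host_name */
            if (found) return SNI_DUPLICATE;
            if (name_len >= out_cap || memchr(p, 0, name_len)) return SNI_BAD_NAME;
            memcpy(out, p, name_len);
            out[name_len] = '\0';
            found = 1;
        }
        p += name_len; left -= name_len;
    }
    return found ? SNI_OK : SNI_NO_HOST;
}

/* Constructed sample extension bodies, not captured traffic. */
static const uint8_t SNI_GOOD[] = { 0x00,0x0e, 0x00, 0x00,0x0b,
    'e','x','a','m','p','l','e','.','c','o','m' };
static const uint8_t SNI_ONE_NUL[]  = { 0x00 };
static const uint8_t SNI_OVERLONG[] = { 0x00,0x05, 0x00, 0xff,0xff, 'a','b' };
static const uint8_t SNI_EMBEDDED_NUL[] = { 0x00,0x05, 0x00, 0x00,0x02, 'a',0x00 };
static char sni_host[256];

int main(void)
{
    int rc = sni_parse(SNI_GOOD, sizeof SNI_GOOD, sni_host, sizeof sni_host);
    printf("rc=%d host=%s\n", rc, sni_host);
    return 0;
}
```

A caller should treat any non-zero return as a malformed extension and abort the handshake instead of continuing with a partially parsed name.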
Affected Products
OpenSSL versions 0.9.8f and 0.9.8g.
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Update to OpenSSL version 0.9.8h.
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2021-01-11 | 16.995 |