Intrusion Prevention



This indicates an attack attempt against a memory-corruption vulnerability in OpenSSL library.
The vulnerability is caused by an error when the ssl3_get_key_exchange function handles a specially crafted server key exchange message. It allows a remote attacker to execute arbitrary code.

Affected Products

OpenSSL version 1.0.0a and prior


System compromise: Remote attackers can gain control of vulnerable systems.
Denial of service

Recommended Actions

Currently we are not aware of any patches supplied by the vendor for this issue.

CVE References