OpenSSL.Ssl3_get_key_exchange.Memory.Corruption
Description
This indicates an attack attempt against a memory-corruption vulnerability in OpenSSL library.
The vulnerability is caused by an error when the ssl3_get_key_exchange function handles a specially crafted server key exchange message. It allows a remote attacker to execute arbitrary code.
Affected Products
OpenSSL version 1.0.0a and prior
Impact
System compromise: Remote attackers can gain control of vulnerable systems.
Denial of service
Recommended Actions
Currently we are not aware of any patches supplied by the vendor for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |