The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2015-03-19 15:59
Updated : 2022-12-13 04:15
NVD link : CVE-2015-0291
Mitre link : CVE-2015-0291
JSON object : View
CWE
Products Affected
openssl
- openssl