11 May 2012
14 May 2012
DoS (Denial of Service)
This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.
The vulnerability is caused by an integer underflow error when parsing the TLS record length of Datagram Transport Layer Security (DTLS) packets that use CBC encryption mode, which can be exploited to cause a crash.
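The bug class described above, as an added example that is not OpenSSL's code: a record-length calculation that subtracts fixed overheads from a peer-supplied length, next to a version that validates first. The function names and the simplified record layout (explicit IV, then payload, MAC, padding and a pad-length byte) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout of a DTLS CBC record body (illustrative, not OpenSSL's structs):
 *   [explicit IV: block_size][payload | MAC | padding | pad_len byte]
 * record_len comes from the record header, so the peer controls it. */

/* Unchecked: subtracts the overheads without validating record_len.
 * For a short record the unsigned subtraction wraps to a huge value,
 * which later code would treat as a valid length. */
static size_t payload_len_unchecked(uint16_t record_len, size_t block_size,
                                    size_t mac_len)
{
    return (size_t)record_len - block_size - mac_len - 1;
}

/* Checked: every subtraction is preceded by a bounds test.
 * Returns 0 and stores the maximum possible payload length in *out,
 * or -1 if the record must be dropped. */
static int payload_len_checked(uint16_t record_len, size_t block_size,
                               size_t mac_len, size_t *out)
{
    size_t len = record_len;

    if (block_size == 0 || len % block_size != 0)
        return -1;                 /* CBC data is a whole number of blocks */
    if (len < block_size)
        return -1;                 /* too short to hold the explicit IV */
    len -= block_size;             /* strip the explicit IV */
    if (len < mac_len + 1)
        return -1;                 /* no room for MAC plus pad-length byte */
    *out = len - mac_len - 1;      /* upper bound, before padding is removed */
    return 0;
}

int main(void)
{
    /* Constructed inputs: AES-CBC (16-byte blocks) with a 20-byte HMAC-SHA1. */
    uint16_t lens[] = { 8, 16, 48 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        size_t n = 0;
        int rc = payload_len_checked(lens[i], 16, 20, &n);
        printf("len=%u unchecked=%zu checked rc=%d n=%zu\n", (unsigned)lens[i],
               payload_len_unchecked(lens[i], 16, 20), rc, n);
    }
    return 0;
}
```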
The vulnerability is reported in versions prior to 1.0.1c, 1.0.0j, and 0.9.8x.
Update to version 1.0.1c, 1.0.0j, or 0.9.8x.
CERT-FI credits Codenomicon.
CERT-FI (FICORA #641549):