OpenSSL CVE-2014-5139 Vulnerability

Description

The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This can be exploited through a Denial of Service attack. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. This issue was reported to OpenSSL on 2nd July 2014. The fix was developed by Stephen Henson of the OpenSSL core team.
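The condition described above, a ServerHello that selects an SRP ciphersuite the client never offered, can be checked on recorded handshake messages. The following is an added example, not OpenSSL's fix or code from this advisory; the function names and sample messages are constructed for illustration, and the SRP code points are the range assigned by RFC 5054.

```python
# SRP cipher suite code points assigned by RFC 5054 (0xC01A through 0xC022).
SRP_SUITES = set(range(0xC01A, 0xC023))

def hs_body(msg: bytes, expected_type: int) -> bytes:
    """Check the 4-byte handshake header and return the message body."""
    if len(msg) < 4 or msg[0] != expected_type:
        raise ValueError("unexpected handshake message type")
    length = int.from_bytes(msg[1:4], "big")
    if len(msg) - 4 < length:
        raise ValueError("truncated handshake message")
    return msg[4:4 + length]

def after_session_id(body: bytes) -> int:
    """Offset just past version (2), random (32) and the session_id vector."""
    if len(body) < 35 or len(body) < 35 + body[34]:
        raise ValueError("truncated hello")
    return 35 + body[34]

def offered_suites(client_hello: bytes) -> list:
    body = hs_body(client_hello, 1)          # 1 = ClientHello
    pos = after_session_id(body)
    n = int.from_bytes(body[pos:pos + 2], "big")
    raw = body[pos + 2:pos + 2 + n]
    if n == 0 or n % 2 or len(raw) != n:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def selected_suite(server_hello: bytes) -> int:
    body = hs_body(server_hello, 2)          # 2 = ServerHello
    pos = after_session_id(body)
    if len(body) < pos + 2:
        raise ValueError("truncated ServerHello")
    return int.from_bytes(body[pos:pos + 2], "big")

def check_negotiation(client_hello: bytes, server_hello: bytes) -> str:
    """Classify the server's choice against what the client offered."""
    chosen = selected_suite(server_hello)
    if chosen in offered_suites(client_hello):
        return "ok"
    return "srp-not-offered" if chosen in SRP_SUITES else "not-offered"

# Constructed sample messages (not captured traffic).
def handshake(msg_type: int, body: bytes) -> bytes:
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

HELLO_PREFIX = b"\x03\x03" + bytes(32) + b"\x00"   # TLS 1.2, zero random, empty session_id
CLIENT_HELLO = handshake(1, HELLO_PREFIX + b"\x00\x04\x00\x2f\xc0\x2f" + b"\x01\x00")
SERVER_OK = handshake(2, HELLO_PREFIX + b"\x00\x2f" + b"\x00")
SERVER_SRP = handshake(2, HELLO_PREFIX + b"\xc0\x1d" + b"\x00")
```

A result of `srp-not-offered` against a client still running an affected 1.0.1 release marks a handshake worth investigating; upgrading to 1.0.1i remains the remedy the advisory gives.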

Affected Applications

OpenSSL

CVE References

CVE-2014-5139