OpenSSL CVE-2014-3509 Race Condition Vulnerability

Description

If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory.

OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n.
OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. This issue was reported to OpenSSL on 8th July 2014.

The fix was developed by Gabor Tyukasz.
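The upgrade guidance above can be checked against an inventory of `openssl version` strings. The following is an added example, not part of the original advisory or of OpenSSL; the function names and sample strings are constructed for illustration, and branches the advisory does not name are reported as "not-listed" rather than guessed at.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {"1.0.0": "n", "1.0.1": "i"}

# Branch number followed by the optional patch letters (e.g. 1.0.1h, 0.9.8za).
_VERSION = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)")


def parse_version(text):
    """Return (branch, patch_letters) from e.g. 'OpenSSL 1.0.1h 5 Jun 2014'."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return m.group(1), m.group(2)


def _patch_key(letters):
    # Patch letters sort '' < a < ... < z < za < zb, so compare length first.
    return (len(letters), letters)


def check(text):
    """Classify a version string against the advisory's upgrade guidance."""
    branch, letters = parse_version(text)
    fixed = FIXED.get(branch)
    if fixed is None:
        return "not-listed"  # the advisory gives no guidance for this branch
    if _patch_key(letters) < _patch_key(fixed):
        return f"upgrade to {branch}{fixed}"
    return "fixed"


if __name__ == "__main__":
    # Constructed sample inventory, in the shape `openssl version` prints.
    samples = [
        "OpenSSL 1.0.1h 5 Jun 2014",
        "OpenSSL 1.0.1i 6 Aug 2014",
        "OpenSSL 1.0.0 29 Mar 2010",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 0.9.8za 5 Jun 2014",
    ]
    for s in samples:
        print(f"{s:35} -> {check(s)}")
```

Distribution packages often backport fixes without changing the upstream version string, so a result of "upgrade" on a vendor build should be confirmed against that vendor's own advisory for CVE-2014-3509.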

Affected Applications

OpenSSL

CVE References

CVE-2014-3509