OpenSSL CVE-2015-0206 Buffer Overflow Vulnerability

Description

Severity: Moderate

A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion.

This issue affects OpenSSL versions: 1.0.1 and 1.0.0.

OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k.
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.

This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also provided an initial patch. Further analysis was performed by Matt Caswell of the OpenSSL development team, who also developed the final patch.
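A simplified C model of the leak pattern described above, added here as an illustration and not taken from OpenSSL or from this advisory: a record is allocated, the queue refuses it because its key is already present, and the caller either forgets or remembers to free it. The queue, the record layout and all function names are hypothetical, and the queue's reject-on-duplicate behaviour is an assumption of the model.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not OpenSSL source; every name here is hypothetical. */
#define QCAP 8
struct rec { unsigned long seq; unsigned char *buf; size_t len; };
struct queue { struct rec *slot[QCAP]; size_t n; };
typedef int (*buffer_fn)(struct queue *, unsigned long, const void *, size_t);
static size_t live_bytes; /* record payload bytes allocated and not yet freed */
static struct rec *rec_new(unsigned long seq, const void *data, size_t len) {
    struct rec *r = malloc(sizeof *r);
    if (r == NULL || (r->buf = malloc(len)) == NULL) { free(r); return NULL; }
    memcpy(r->buf, data, len);
    r->seq = seq; r->len = len; live_bytes += len;
    return r;
}
static void rec_free(struct rec *r) { live_bytes -= r->len; free(r->buf); free(r); }
/* Assumed queue behaviour: reject a record whose key is already queued. */
static int queue_insert(struct queue *q, struct rec *r) {
    for (size_t i = 0; i < q->n; i++)
        if (q->slot[i]->seq == r->seq) return 0;
    if (q->n == QCAP) return 0;
    q->slot[q->n++] = r;
    return 1;
}
/* Leaky: a rejected record is dropped without being freed. */
static int buffer_record_leaky(struct queue *q, unsigned long seq, const void *d, size_t n) {
    struct rec *r = rec_new(seq, d, n);
    if (r == NULL) return -1;
    return queue_insert(q, r);   /* on 0, r and r->buf become unreachable */
}
/* Hardened: the rejection path releases everything it allocated. */
static int buffer_record_fixed(struct queue *q, unsigned long seq, const void *d, size_t n) {
    struct rec *r = rec_new(seq, d, n);
    if (r == NULL) return -1;
    if (!queue_insert(q, r)) { rec_free(r); return 0; }
    return 1;
}
/* Feed `count` records that all carry the same key; return bytes still held. */
static size_t replay(buffer_fn fn, int count) {
    struct queue q = {0};
    unsigned char payload[256] = {0};   /* constructed sample payload */
    live_bytes = 0;
    for (int i = 0; i < count; i++) fn(&q, 42UL, payload, sizeof payload);
    return live_bytes;
}
int main(void) {
    printf("leaky=%zu fixed=%zu\n", replay(buffer_record_leaky, 1000), replay(buffer_record_fixed, 1000));
    return 0;
}
```

In the leaky variant the held memory grows linearly with the number of duplicate records, while the hardened variant holds only the one record that was actually queued.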

Affected Applications

OpenSSL

CVE References

CVE-2015-0206