OpenSSL CVE-2015-0293 Input Validation Bypass Vulnerability

Description

Severity: Moderate

A malicious client can trigger an OPENSSL_assert (i.e., an abort) in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a.
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by Sean Burford (Google) and Emilia Käsper.
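An added example (not part of the original advisory or of OpenSSL): a Python check that compares an `openssl version` string against the fixed releases listed above, including OpenSSL's letter-suffix ordering (z, za, ... zf). The function names and sample strings are constructed for illustration; distribution packages that backport fixes keep the old upstream version string, so a "vulnerable" result there needs confirming against the vendor changelog.

```python
import re

# First fixed release per affected branch, as listed in the advisory text.
FIXED = {"1.0.2": "a", "1.0.1": "m", "1.0.0": "r", "0.9.8": "zf"}

# Matches e.g. "1.0.1k", "0.9.8zf", "1.0.2-beta3", "1.0.1e-fips".
_VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]{0,2})(-[A-Za-z0-9]+)?")


def patch_rank(letters):
    """Order OpenSSL patch suffixes: '' < a < ... < z < za < zb < ..."""
    # After 'z' the scheme continues 'za', 'zb', ..., so summing the
    # alphabet positions gives a strictly increasing rank.
    return sum(ord(ch) - ord("a") + 1 for ch in letters)


def assess(version_text):
    """Classify an `openssl version` line (or bare version) for CVE-2015-0293.

    Returns 'vulnerable', 'fixed' or 'unknown' (branch not in the advisory).
    Judges the upstream version number only; backported fixes are not visible.
    """
    match = _VERSION_RE.search(version_text)
    if not match:
        return "unknown"
    branch, letters, tag = match.group(1), match.group(2), match.group(3) or ""
    if branch not in FIXED:
        return "unknown"
    have, need = patch_rank(letters), patch_rank(FIXED[branch])
    # A -dev/-beta/-pre build of the fixed version predates that release.
    prerelease = tag.lower().startswith(("-dev", "-beta", "-pre"))
    if have < need or (have == need and prerelease):
        return "vulnerable"
    return "fixed"


# Constructed sample inputs in the format printed by `openssl version`.
SAMPLES = [
    "OpenSSL 1.0.1k 8 Jan 2015",
    "OpenSSL 0.9.8zd 8 Jan 2015",
    "OpenSSL 0.9.8zf 19 Mar 2015",
    "OpenSSL 1.0.2a 19 Mar 2015",
    "OpenSSL 1.0.2-beta3 25 Sep 2014",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r}: {assess(line)}")
```
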

Affected Applications

OpenSSL

CVE References

CVE-2015-0293