OpenSSL CVE-2015-0293 Input Validation Bypass Vulnerability
Description
Severity: Moderate

A malicious client can trigger an OPENSSL_assert (i.e., an abort) in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a.
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by Sean Burford (Google) and Emilia Käsper.
Affected Applications
OpenSSL
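
A version check against the fixed releases listed in the description, as an added example that is not part of the original advisory. The function names are hypothetical, the sample banners are constructed, and the check assumes the upstream version string is accurate (distribution packages that backport fixes keep the old string).

```python
import re

# First fixed release on each affected branch, as listed in the advisory.
FIXED = {"1.0.2": "a", "1.0.1": "m", "1.0.0": "r", "0.9.8": "zf"}

# Matches the pre-3.0 OpenSSL scheme: x.y.z followed by optional patch letters.
_VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)")


def parse_version(text):
    """Split 'OpenSSL 1.0.1k 8 Jan 2015' or '0.9.8zf' into ('1.0.1', 'k')."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError("no OpenSSL version found in %r" % text)
    return match.group(1), match.group(2)


def patch_key(letters):
    # Patch letters run a..z and then za, zb, ...; a release with no
    # letter is the oldest on its branch. Sorting by length first keeps
    # 'z' below 'za', which plain string comparison would also do, but
    # it also keeps '' below 'a' explicitly.
    return (len(letters), letters)


def status(text):
    """Classify a version banner as 'vulnerable', 'fixed' or 'not-listed'."""
    branch, letters = parse_version(text)
    if branch not in FIXED:
        return "not-listed"  # branch is not named in this advisory
    if patch_key(letters) >= patch_key(FIXED[branch]):
        return "fixed"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample banners in the style of `openssl version` output.
    samples = [
        "OpenSSL 1.0.2",
        "OpenSSL 1.0.1k 8 Jan 2015",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.0r",
        "OpenSSL 0.9.8ze",
        "OpenSSL 0.9.8zf",
    ]
    for banner in samples:
        print("%-34s %s" % (banner, status(banner)))
```

A "vulnerable" result only means the build predates the fix; per the description, the abort is reachable on servers that both support SSLv2 and enable export cipher suites.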