OpenSSL.Server.Name.Extension.DoS

Description

This indicates an attempt to exploit a memory access vulnerability in the OpenSSL server.
A vulnerable OpenSSL server does not properly validate the server name extension received in the 'Hello' packet from a client. A remote attacker could send a specially crafted 'Hello' packet, containing \x00 as the server name extension, to the OpenSSL server on a vulnerable system. This causes a memory access error in the OpenSSL server, leading to a crash and a denial of service.
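
A strict structural check of the server_name extension body, following the layout in RFC 6066, illustrates the kind of validation the description says is missing. This is an added example, not code from the original page or from OpenSSL; `check_sni_extension`, `SAMPLES` and the sample bytes are constructed for illustration, and the one-byte body is an assumed reading of the page's \x00 case.

```python
import struct

HOST_NAME = 0  # NameType value for host_name in RFC 6066

def check_sni_extension(data: bytes) -> list:
    """Return problems found in a ClientHello server_name extension body.
    An empty list means the structure is well-formed."""
    if len(data) < 2:
        return ["body shorter than the 2-byte list length"]
    (list_len,) = struct.unpack_from("!H", data, 0)
    if list_len == 0:
        return ["empty server_name_list"]
    if list_len != len(data) - 2:
        return ["list length does not match the extension length"]
    problems, seen_types, pos = [], set(), 2
    while pos < len(data):
        if len(data) - pos < 3:
            problems.append("truncated entry header")
            break
        name_type, name_len = struct.unpack_from("!BH", data, pos)
        pos += 3
        if name_len > len(data) - pos:
            problems.append("name length overruns the extension")
            break
        name = data[pos:pos + name_len]
        pos += name_len
        if name_type in seen_types:
            problems.append("duplicate name_type")
        seen_types.add(name_type)
        if name_type == HOST_NAME:
            if name_len == 0:
                problems.append("zero-length host_name")
            elif b"\x00" in name:
                problems.append("NUL byte inside host_name")
            elif not name.isascii():
                problems.append("non-ASCII host_name")
    return problems

# Constructed extension bodies (not captured traffic).
SAMPLES = {
    "well_formed": b"\x00\x0e\x00\x00\x0bexample.com",
    "single_nul": b"\x00",  # assumed reading of the page's "\x00" case
    "empty_name": b"\x00\x03\x00\x00\x00",
    "overrun": b"\x00\x05\x00\x00\x10ab",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, check_sni_extension(body) or "ok")
```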

Affected Products

OpenSSL versions 0.9.8f and 0.9.8g.

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Update to OpenSSL version 0.9.8h.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-01-11 16.995