CVE-2014-5139
EPSS 34.0%Published: 8/13/2014Modified: 4/28/2026
Description
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.
Affected packages (1)
- Debian/opensslfrom 0, < 1.0.1i-1