CVE-2014-5139
EPSS 34.0%發布日:2014/8/13修改日:2026/4/28
描述
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.
受影響套件(1)
- Debian/opensslfrom 0, < 1.0.1i-1