Description
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.
Remediation
References
Related Vulnerabilities
OpenSSL Other Vulnerability (CVE-2015-0291)
Jenkins CVE-2023-27904 Vulnerability (CVE-2023-27904)
Mailman Other Vulnerability (CVE-2004-0182)
Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-0334)
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2011-0441)