Description

The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.

Remediation

References

CVE-2015-1794

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4297)

WordPress Plugin HTML5 Video Player-Best WordPress Video Player and Block SQL Injection (2.5.24)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-17825)

Magento Incorrect Authorization Vulnerability (CVE-2020-9692)

WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1)

Severity

Medium

Classification

CVE-2015-1794

Tags

Missing Update Known Vulnerabilities