Description
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.
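A version-range check for the affected releases named above, as an added example that is not part of the original advisory or of OpenSSL itself. It assumes banners in the format printed by `openssl version`; the function names and sample banners are constructed for illustration.

```python
import re

# Range taken from the description: OpenSSL 1.0.1 before 1.0.1i.
AFFECTED_BASE = (1, 0, 1)
FIRST_FIXED_LETTER = "i"

# Banner shape assumed: "OpenSSL 1.0.1h 5 Jun 2014", "OpenSSL 1.0.1e-fips ...".
_VERSION_RE = re.compile(
    r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(-[A-Za-z0-9]+)?"
)


def letter_rank(letter):
    """Order patch letters as OpenSSL issues them: '' < a < ... < z < za."""
    return (len(letter), letter)


def classify(version_text):
    """Return 'affected', 'not-affected' or 'unknown' for one version banner."""
    m = _VERSION_RE.search(version_text)
    if m is None:
        return "unknown"
    base = tuple(int(part) for part in m.group(1, 2, 3))
    letter, tag = m.group(4), m.group(5) or ""
    if base != AFFECTED_BASE:
        return "not-affected"
    # Pre-release snapshots cannot be placed reliably relative to the fix.
    if tag.startswith(("-beta", "-dev", "-pre")):
        return "unknown"
    # Vendor builds (e.g. "-fips") may backport the fix under an older letter,
    # so 'affected' here means "confirm against the vendor's advisory".
    if letter_rank(letter) < letter_rank(FIRST_FIXED_LETTER):
        return "affected"
    return "not-affected"


def audit(banners):
    """Classify several banners; returns {banner: verdict}."""
    return {banner: classify(banner) for banner in banners}


# Constructed sample banners (not taken from the page).
SAMPLES = ["OpenSSL 1.0.1h 5 Jun 2014", "OpenSSL 1.0.1i 6 Aug 2014",
           "OpenSSL 1.0.1e-fips", "OpenSSL 1.0.1-beta2", "OpenSSL 1.0.0m"]

if __name__ == "__main__":
    for banner, verdict in audit(SAMPLES).items():
        print(f"{verdict:13} {banner}")
```

A library in the affected range matters where the application acts as a TLS client, since the crash described above is triggered by a server's ServerHello.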
Remediation
References