yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products,
allows remote attackers to cause a denial of service (crash) via a Hello
packet containing a large size value, which triggers a buffer over-read in
the HASHwithTransform::Update function in hash.cpp.
jdstrand> dapper not affected (yassl not compiled)
Updated: 2015-10-17 03:29:23 UTC (commit 10086)