CVE-2014-5139

Priority
Description
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before
1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer
dereference and client application crash) via a ServerHello message that
includes an SRP ciphersuite without the required negotiation of that
ciphersuite with the client.
Assigned-to
mdeslaur
Package
Upstream: not-affected
Ubuntu 14.04 LTS (Trusty Tahr): not-affected
More Information

Updated: 2019-03-19 12:15:22 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)