CVE-2015-0206

Priority
Description
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL
1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to
cause a denial of service (memory consumption) by sending many duplicate
records for the next epoch, leading to failure of replay detection.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (1.0.1k)
Ubuntu 14.04 ESM (Trusty Tahr):released (1.0.1f-1ubuntu2.8)
Patches:
Upstream:https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=04685bc949e90a877656cf5020b6d4f90a9636a6 (1.0.1)
Package
Upstream:not-affected
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected)
More Information

Updated: 2019-12-05 18:39:17 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)