Eric Young

1 exploit Active since Aug 2014
CVE-2014-5139 NOMISEC WORKING POC
OpenSSL 1.0.1 - Denial of Service via SRP Ciphersuite ServerHello Message
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.