The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openssl | Openssl | * | 0.9.8za (excluding) |
Openssl | Openssl | 1.0.0 (including) | 1.0.0m (excluding) |
Openssl | Openssl | 1.0.1 (including) | 1.0.1h (excluding) |