Advisory ID

12758

Release date

20160923

Last Updated

20160923

Issue Severity

None

Source

Source

openssl.org

Release date

20160922

CVSS v2 Base Score

MEDIUM

Problem Description

OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.

Impact

None.

Affected Products

None - no Foxt products use the vulnerable OpenSSL version.

Workaround

N/A.

Obtaining Fixed Software

N/A.

External References

OpenSSL Security Advisory










Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: May 25, 2018