CVSS v2 Base Score
If PSK identity hints are received by a multi-threaded client then the values are wrongly updated in the parent SSL_CTX structure. This can result in a race condition potentially leading to a double free of the identify hint data.
Find out more about CVE-2015-3196 from the OpenSSL project.
BoKS Manager 7.0 supports TLS-PSK but mutex locks in the applications prevent the race condition from occurring.
Still have questions? We can help. Submit a case to Technical Support.