Advisory ID

12049

Release date

2015-12-07

Last Updated

2015-12-07

Issue Severity

No impact

Source

Source

OpenSSL

Release date

2015-12-03

CVSS v2 Base Score

LOW

Problem Description

If PSK identity hints are received by a multi-threaded client then the values are wrongly updated in the parent SSL_CTX structure. This can result in a race condition potentially leading to a double free of the identify hint data.

Find out more about CVE-2015-3196 from the OpenSSL project.

Impact

BoKS Manager 7.0 supports TLS-PSK but mutex locks in the applications prevent the race condition from occurring.

Affected Products

None.










Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: May 25, 2018