OpenSSL
=== {{anchor|CVE-2015-0291}}ClientHello sigalgs DoS ===
This vulnerability ({{CVE|2015-0291}}) allows anyone to take a certificate, read its contents, and modify it precisely so that it triggers the vulnerability, causing a client or server to crash. If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension, a null-pointer dereference occurs. This can be used for a denial-of-service (DoS) attack against the server.

A Stanford Security researcher, David Ramos, had a private exploit and presented it to the OpenSSL team, which then patched the issue. OpenSSL classified the bug as a high-severity issue, noting that version 1.0.2 was found vulnerable.<ref>{{cite web |url=http://freedomhacker.net/openssl-patches-severe-denial-of-service-vulnerability-3818/ |title=OpenSSL Patches Severe Denial-of-Service Vulnerability |date=20 March 2015 |publisher=Brandon Stosh |df=mdy-all |access-date=March 20, 2015 |archive-date=April 2, 2015 |archive-url=https://web.archive.org/web/20150402102240/http://freedomhacker.net/openssl-patches-severe-denial-of-service-vulnerability-3818/ |url-status=live}}</ref>