OpenSSL OCSP Stapling 'ClientHello' Handshake Message Parsing Security Vulnerability

OpenSSL is prone to a security vulnerability that affects Online Certificate Status Protocol (OCSP) stapling.

Attackers can exploit this issue to cause a denial-of-service condition in OpenSSL. If OpenSSL is used in an application, parsed OCSP nonce extensions could be used to obtain sensitive information.

OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus