CVE-2012-0050

Name of the Vulnerable Software and Affected Versions OpenSSL versions 0.9.8s and 1.0.0f OpenSSL versions prior to 1.0.0g

Description The issue affects the OpenSSL package in Gentoo Linux, potentially leading to breaches in confidentiality, integrity, and availability of protected information. Exploitation can occur remotely. Specifically, OpenSSL 0.9.8s and 1.0.0f do not properly support DTLS applications, allowing remote attackers to cause a denial of service via unspecified vectors related to an out-of-bounds read.

Recommendations For OpenSSL version 0.9.8s, update to a version later than 0.9.8s to resolve the issue. For OpenSSL version 1.0.0f, update to a version later than 1.0.0f to resolve the issue. For OpenSSL versions prior to 1.0.0g, update to version 1.0.0g or later to resolve the issue. As a temporary workaround, consider restricting DTLS application support until a patch is available.