CVE-2014-2899

Name of the Vulnerable Software and Affected Versions wolfSSL CyaSSL versions prior to 2.9.4

Description The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference. This can occur in two scenarios: (1) when a request is made for the peer certificate and a certificate parsing failure happens, or (2) when a client key exchange message is sent and the ephemeral key is not found.

Recommendations For versions prior to 2.9.4, update to version 2.9.4 or later to resolve the issue.