CVE-2014-9424

Name of the Vulnerable Software and Affected Versions LibreSSL versions prior to 2.1.2

Description A double free vulnerability exists in the ssl parse clienthello use srtp ext function in d1 srtp.c, which can be triggered by a certain length-verification error during the processing of a DTLS handshake. This issue may allow remote attackers to cause a denial of service or possibly have other unspecified impacts.

Recommendations For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue.