PT-2015-1683 · Openssl+1 · Openssl+3

Per Allansson · Published 2015-03-19 · Updated 2022-12-13 · CVE-2015-0207

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.2 through 1.0.2a (excluding 1.0.2a)

Description: The issue is in the dtls1_listen function in OpenSSL, which does not properly isolate the state information of independent data streams. A remote attacker can exploit this with crafted DTLS traffic to cause a denial of service: the application crashes due to incorrect pointer dereferences.

Recommendations: For OpenSSL versions 1.0.2 through 1.0.2a (excluding 1.0.2a), update to version 1.0.2a or later to resolve the issue. As a temporary workaround, consider restricting DTLS traffic to minimize the risk of exploitation.

Fix

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

BDU:2015-11029
CVE-2015-0207

Affected Products

Cisco ASA
Cisco IOS XE
Cisco Nexus
OpenSSL