PT-2011-1149 · Openssl+2 · Openssl+2

Neel Mehta · Published 2011-02-08 · Updated 2024-06-15 · CVE-2011-0014

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OpenSSL versions 0.9.8h through 0.9.8q
OpenSSL versions 1.0.0 through 1.0.0c
OpenSSL versions prior to 1.0.0e

Description

The issue allows remote attackers to cause a denial of service (crash) and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access. Exploitation of the vulnerability may lead to a violation of confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations

For OpenSSL versions 0.9.8h through 0.9.8q, update to a version later than 0.9.8q.
For OpenSSL versions 1.0.0 through 1.0.0c, update to a version later than 1.0.0c.
For OpenSSL versions prior to 1.0.0e, update to version 1.0.0e or later.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2015-09418
CVE-2011-0014
DSA-2162-1
HPSBUX02689
OPENSUSE-SU-2024:10271-1
OPENSUSE-SU-2024:10529-1
OPENSUSE-SU-2024:11127-1
RHSA-2011:0677
RHSA-2011_0677
SUSE-FU-2022:0445-1
SUSE-SU-2015:1184-1
SUSE-SU-403

Affected Products

Hp-Ux
Openssl
Red Hat