CVE-2015-0293

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 0.9.8zf OpenSSL versions prior to 1.0.0r OpenSSL versions prior to 1.0.1m OpenSSL versions prior to 1.0.2a openssl-libs (affected versions not specified) openssl-static (affected versions not specified) openssl-perl (affected versions not specified) openssl-devel (affected versions not specified)

Description The issue affects the SSLv2 implementation in OpenSSL, allowing remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. This could lead to disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.

Recommendations For OpenSSL versions prior to 0.9.8zf, update to version 0.9.8zf or later. For OpenSSL versions prior to 1.0.0r, update to version 1.0.0r or later. For OpenSSL versions prior to 1.0.1m, update to version 1.0.1m or later. For OpenSSL versions prior to 1.0.2a, update to version 1.0.2a or later. For openssl-libs, openssl-static, openssl-perl, and openssl-devel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.