CVE-2015-0290

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.2 through 1.0.2a

Description The issue is related to the multi-block feature in the ssl3 write bytes function, which does not properly handle certain non-blocking I/O cases. This can allow remote attackers to cause a denial of service, resulting in pointer corruption and application crash. The vulnerability is associated with errors in the code and can be exploited by a remote attacker to cause a denial of service due to errors in handling certain input-output operations.

Recommendations For OpenSSL versions 1.0.2 through 1.0.2a, update to version 1.0.2a or later to resolve the issue. As a temporary workaround, consider restricting the use of the ssl3 write bytes function until a patch is available. Avoid using non-blocking I/O cases with the multi-block feature in the ssl3 write bytes function until the issue is resolved.