OpenSSL TLS Server Extension Parsing Race Condition Vulnerability

view full story

http://www.linuxquestions.org – Quote: A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerability is caused due to a race condition within the TLS extension parsing code, which can be exploited to cause a heap-based buffer overflow. Secunia Advisory (HowTos)