Race condition vulnerability in OpenSSL allows remote servers to cause denial of service or other impact

Race condition vulnerability in OpenSSL allows remote servers to cause denial of service or other impact

CVE-2014-3509 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.

Learn more about our Cis Benchmark Audit For Server Software.