Denial of Service Vulnerability in OpenSSL 1.0.2: Invalid Signature Algorithms Extension in ClientHello Message

Denial of Service Vulnerability in OpenSSL 1.0.2: Invalid Signature Algorithms Extension in ClientHello Message

CVE-2015-0291 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation.

Learn more about our Web Application Penetration Testing UK.