Skip to content
Commit eb6508d5 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Fix for CVE-2014-0195 

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Fixed by adding consistency check for DTLS fragments.

Thanks to Jüri Aedla for reporting this issue.
(cherry picked from commit 1632ef74)
parent 77719aef
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment