Skip to content
Commit f4e6ed09 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Fix for CVE-2014-0195

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Fixed by adding consistency check for DTLS fragments.

Thanks to Jüri Aedla for reporting this issue.
parent b79e6e3a
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment