Denial of Service Vulnerability in OpenSSL by OpenSSL
CVE-2015-3196

Currently unrated

Key Information:

Vendor

HP

Vendor
CVE Published:
6 December 2015

What is CVE-2015-3196?

The vulnerability in OpenSSL arises when the library is utilized for multi-threaded clients, leading to improper handling of the PSK identity hint. This flaw may allow remote attackers to induce a denial of service by sending a crafted ServerKeyExchange message, causing race conditions and possible double free scenarios.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.