OpenSSL vulnerability discovered by SEARCH-LAB

Latest news

Quality management

Get informed about our qualified evaluation environment.

R&D Services

About our R&D services provided for specialized needs

Our partners

A selection of our commercial and research partners

R&D Project Involvement

A brief intro on our collaborational research projects.

Management

Learn about the management of SEARCH-LAB

Reviews

Read reviews from our clients and students

OpenSSL vulnerability discovered by SEARCH-LAB

: Published on Tuesday, 29 July 2014 12:55

SEARCH-LAB has recently discovered a vulnerability in OpenSSL, one of the most popular SSL implementation libraries. It vulnerability would only allow malicious server operators to crash DTLS (TLS over UDP) clients, which might lead into Denial of Service in software building on OpenSSL code, for e.g. VPN services.

The vulnerability, caused by endless recursion leading to stack overflow happens before the SSL/TLS handshake takes place, and affects all versions of OpenSSL up to and including 1.0.1g (and also in older branches up to and including 0.9.8y and 1.0.0l). Even though we have disclosed this vulnerability to the public only after it has been confirmed as fixed in the OpenSSL code repository, it might take some time until all affected programs using OpenSSL code apply the fix.

Search-Lab Kft.

Latest news

Analysis of WiFi-enabled ISP modems

LG NAS N1A1 multiple vulnerabilities in Familycast

WPA Supplicant configuration file injection vulnerability

Quality management

R&D Services

Our partners

R&D Project Involvement

Press releases

Management

Reviews

OpenSSL vulnerability discovered by SEARCH-LAB