Published: 2015-04-18
CVE ID: CVE-2015-0291
Announcement time: 2015-04-18
Description
ClientHello sigalgs DoS. If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension, a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server. Reported by David Ramos (Stanford University).
Fixed in OpenSSL 1.0.2a (affected: 1.0.2)
Sources:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0291
http://www.exploit-db.com/exploits/32745/
Update:
SHIDdaemon openssl 1.0.1j --> openssl 1.0.2a