Title: OpenSSL CBC Encryption DTLS Packet TLS Record Length Parsing Remote DoS
May 11, 2012
May 10, 2012
OpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered when parsing the TLS record length of DTLS packets using CBC encryption, and will result in loss of availability for the application.
Remote / Network Access
Denial of Service
Loss of Availability
Upgrade to version 1.0.1c, 1.0.0j or 0.9.8x or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.