Vulnerability identifier: #VU646
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: No
OpenSSL Software Foundation
The vulnerability allows a remote authenticated user to cause denail of service on the target system.
The weakness exists due to resource error. By repeated request renegotiation and sending specially crafted OCSP Status Request extension attackers can cause excessive memory spending on the target system.
Successful exploitation of the vulnerability leads to denial of service on the vulnerable system.
Update 1.0.1 to 1.0.1u.
Update 1.0.2 to 1.0.2i.
Update 1.1.0 to 1.1.0a.
Vulnerable software versions
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.