openssl < 1.0.0.g: DTLS DoS attack (v2.1)
OpenSSL Security Advisory [18 Jan 2011]
DTLS DoS attack (CVE-2012-0050)
A flaw in the fix to CVE-2011-4108 can be exploited in a denial of
service attack. Only DTLS applications using OpenSSL 1.0.0f and
0.9.8s are affected.
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix.
Affected users should upgrade to OpenSSL 1.0.0g or 0.9.8t.
References
URL for this Security Advisory:
http://www.openssl.org/news/secadv\_20120118.txt
(from redmine: issue id 938, created on 2012-01-19, closed on 2012-01-29)
- Changesets:
- Revision f6c88f83 by Natanael Copa on 2012-01-19T07:13:37Z:
main/openssl: security upgrade to 1.0.0g (CVE-2012-0050)
fixes #938