First published: Thu Jan 10 2008(Updated: )
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Yassl Yassl | <=1.7.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.