18 May
2014
18 May
'14
5:32 p.m.
Hey all, This affects OpenSSL 1.x through 1.0.1g - The function do_ssl3_write is broken, when used with SSL_MODE_RELEASE_BUFFERS. According to the RedHat bug tracker, this is done at least by ruby and nodejs: https://bugzilla.redhat.com/show_bug.cgi?id=1093837#c1 Nist: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0198 Debian Security Tracker: https://security-tracker.debian.org/tracker/CVE-2014-0198 Fix: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b107586