OpenSSL TLS Server: Buffer Overflow Vulnerability

Users of OpenSSL TLS server please be advised of a buffer overflow vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (

DSA-2125-1: [DSA-2125-1] openssl – buffer overflow Issue
Vulnerability : buffer overflow
A flaw has been found in the OpenSSL TLS server extension code parsing

which on affected servers can be exploited in a buffer overrun attack.

This allows an attacker to cause an appliation crash or potentially to

execute arbitrary code.

However, not all OpenSSL based SSL/TLS servers are vulnerable: A server

is vulnerable if it is multi-threaded and uses OpenSSL’s internal caching

mechanism. In particular the Apache HTTP server (which never uses OpenSSL

internal caching) and Stunnel (which includes its own workaround) are NOT