OpenSSL Information for VU#386964

OpenSSL SSLv2 client code fails to properly check for NULL

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

The OpenSSL development team has published OpenSSL Security Advisory [28th September 2006] in response to this issue. Users or redistributors who compile OpenSSL from the original source code distribution are encouraged to review this advisory and upgrade to the appropriate fixed version of the software.

If you have feedback, comments, or additional information about this vulnerability, please send us email.