OpenSSL v1.0.0.i Release Notes
Release Date: 2012-05-10 // almost 12 years ago-
🚀 [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after OpenSSL 1.0.1.]
- Sanity check record length before skipping explicit IV in DTLS to fix DoS attack.
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. [CVE-2012-2333][]
Steve Henson
- Initialise tkeylen properly when encrypting CMS messages. Thanks to Solar Designer of Openwall for reporting this issue.
Steve Henson