If a malicious server supplies bad parameters for a DHE or ECDHE key exchange
then this can result in the client attempting to dereference a NULL pointer
leading to a client crash. This could be exploited in a Denial of Service
This issue does not affect OpenSSL version 1.0.2.
Write up from the original reporter:
This only affected OpenSSL 1.1.0, which is not currently included in any Red Hat product.
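The failure mode described in the advisory text above, a client that uses the result of parsing server-supplied key exchange parameters without checking it for NULL, shown beside the checked form. This is an added, simplified illustration and not OpenSSL's code; the structure, the function names and the 12-byte message layout are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-in for a peer's ephemeral DH values. */
typedef struct { uint32_t p, g, pub; } peer_params;

static uint32_t be32(const uint8_t *b)
{
    return (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | b[3];
}

/* Parse three big-endian 32-bit fields (p, g, pub) sent by the server.
 * Returns NULL when the message is malformed or the values are unusable. */
peer_params *parse_peer_params(const uint8_t *msg, size_t len)
{
    if (msg == NULL || len != 12) return NULL;
    peer_params *pp = malloc(sizeof *pp);
    if (pp == NULL) return NULL;
    pp->p = be32(msg); pp->g = be32(msg + 4); pp->pub = be32(msg + 8);
    if (pp->p < 5 || (pp->p & 1) == 0 || pp->g < 2 || pp->g > pp->p - 2 ||
        pp->pub < 2 || pp->pub > pp->p - 2) {
        free(pp);
        return NULL;
    }
    return pp;
}

/* Unchecked form: a rejected message makes pp NULL, and the next line
 * dereferences it, crashing the client. */
int client_kex_unchecked(const uint8_t *msg, size_t len, uint32_t *peer_pub)
{
    peer_params *pp = parse_peer_params(msg, len);
    *peer_pub = pp->pub;            /* NULL dereference on the error path */
    free(pp);
    return 1;
}

/* Checked form: a parse failure ends the handshake with an error (0). */
int client_kex_checked(const uint8_t *msg, size_t len, uint32_t *peer_pub)
{
    peer_params *pp = parse_peer_params(msg, len);
    if (pp == NULL) return 0;       /* fail closed: abort, do not continue */
    *peer_pub = pp->pub;
    free(pp);
    return 1;
}
```

The general remedy for this bug class is the one shown in `client_kex_checked`: every constructor or parser that consumes peer-controlled handshake data has its failure return handled before the result is used.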