The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invocation to the next, leading to a segmentation fault. Errors processing the initial ClientHello can trigger this scenario. An example of such an error could be that a DTLS 1.0 only client is attempting to connect to a DTLS 1.2 only server.

This issue affects OpenSSL version 1.0.2, and is fixed in version 1.0.2a.

Acknowledgements: Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Per Allansson as the original reporter.
Statement: This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5, 6, and 7.
External References:
https://openssl.org/news/secadv_20150319.txt
https://access.redhat.com/articles/1384453
Upstream commit: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=819418110b6fff4a7b96f01a5d68f71df3e3b736
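
The affected and fixed releases named above (1.0.2 and 1.0.2a) can be told apart from the packed OpenSSL version number. The following is an added example, not code from the OpenSSL project or from this report; the function names and the sample values are assumptions made for illustration.

```c
#include <stdio.h>

/* OpenSSL 1.0.x packs its version number as 0xMNNFFPPS:
 * M major, NN minor, FF fix, PP patch letter (0 none, 1 'a', 2 'b', ...),
 * S status (0 dev, 0x1-0xe beta, 0xf release). */
struct ossl_version { unsigned major, minor, fix, patch, status; };

enum listen_verdict { NOT_LISTED, PRERELEASE, AFFECTED, FIXED };

static struct ossl_version decode_version(unsigned long v)
{
    struct ossl_version o;
    o.major  = (unsigned)((v >> 28) & 0xf);
    o.minor  = (unsigned)((v >> 20) & 0xff);
    o.fix    = (unsigned)((v >> 12) & 0xff);
    o.patch  = (unsigned)((v >> 4) & 0xff);
    o.status = (unsigned)(v & 0xf);
    return o;
}

/* Classify a version number against the advisory: 1.0.2 affected,
 * 1.0.2a and later letters fixed. */
enum listen_verdict classify_dtls_listen(unsigned long v)
{
    struct ossl_version o = decode_version(v);
    if (o.major != 1 || o.minor != 0 || o.fix != 2)
        return NOT_LISTED;   /* the advisory names only the 1.0.2 line */
    if (o.status != 0xf)
        return PRERELEASE;   /* dev/beta builds: no statement on the page */
    return o.patch == 0 ? AFFECTED : FIXED;
}

int main(void)
{
    /* Constructed sample values, not taken from the page:
     * 1.0.1m, 1.0.2-beta1, 1.0.2, 1.0.2a. */
    static const unsigned long samples[] =
        { 0x100010dfUL, 0x10002001UL, 0x1000200fUL, 0x1000201fUL };
    static const char *names[] =
        { "not listed", "pre-release", "affected", "fixed" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%08lx: %s\n", samples[i], names[classify_dtls_listen(samples[i])]);
    return 0;
}
```

On the 1.0.2 line the running library reports this number through SSLeay(). Vendor builds that backport fixes may keep the upstream number, so read the result together with the vendor statement.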