If client authentication is enabled, a server can crash with a segmentation fault when a DHE ciphersuite is negotiated and the client sends a zero-length ClientKeyExchange (CKE) message. A remote client that can reach the handshake could exploit this to cause a denial of service.
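The security-relevant detail is that an empty CKE body is not always malformed: RFC 5246 section 7.4.7.2 allows it when the client has authenticated with a certificate carrying a fixed Diffie-Hellman key (the "implicit" form), so a server parser must tie the empty case to that precondition rather than fall through into a code path that assumes a key is present. The following is an added illustration written for this page, not OpenSSL code and not the upstream fix: a small parser for a DHE ClientKeyExchange handshake message that accepts an empty body only when the caller reports a client certificate with a DH key, and otherwise fails closed. The `client_cert_has_dh_key` flag and the sample messages are hypothetical, constructed inputs.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define HS_CLIENT_KEY_EXCHANGE 16  /* TLS HandshakeType client_key_exchange */

typedef enum {
    CKE_OK_EXPLICIT = 0,   /* body carries opaque dh_Yc<1..2^16-1> */
    CKE_OK_IMPLICIT = 1,   /* empty body, Yc taken from client's fixed-DH certificate */
    CKE_ERR_HEADER  = -1,  /* wrong message type or 3-byte length disagrees with buffer */
    CKE_ERR_EMPTY   = -2,  /* empty body but client supplied no DH key: fatal alert */
    CKE_ERR_LENGTH  = -3   /* Yc length prefix inconsistent with body (or zero) */
} cke_status;

typedef struct {
    const uint8_t *yc;   /* points into the message buffer, not copied */
    size_t yc_len;
} dh_client_public;

/* Parse a complete handshake message (type || 3-byte length || body) as a
 * DHE ClientKeyExchange. client_cert_has_dh_key is the server's knowledge
 * of whether the client's certificate carries a usable DH public key
 * (hypothetical flag standing in for real certificate state). */
static cke_status parse_dhe_cke(const uint8_t *msg, size_t msg_len,
                                int client_cert_has_dh_key,
                                dh_client_public *out)
{
    size_t body_len, yc_len;

    memset(out, 0, sizeof(*out));
    if (msg_len < 4 || msg[0] != HS_CLIENT_KEY_EXCHANGE)
        return CKE_ERR_HEADER;
    body_len = ((size_t)msg[1] << 16) | ((size_t)msg[2] << 8) | msg[3];
    if (body_len != msg_len - 4)
        return CKE_ERR_HEADER;

    if (body_len == 0) {
        /* RFC 5246 7.4.7.2: an empty CKE is legal only for fixed_dh client
         * authentication. Without that certificate there is no Yc anywhere,
         * so the only safe outcome is a fatal handshake failure. */
        return client_cert_has_dh_key ? CKE_OK_IMPLICIT : CKE_ERR_EMPTY;
    }

    /* Explicit form: 2-byte length prefix followed by exactly that many bytes. */
    if (body_len < 2)
        return CKE_ERR_LENGTH;
    yc_len = ((size_t)msg[4] << 8) | msg[5];
    if (yc_len == 0 || yc_len != body_len - 2)
        return CKE_ERR_LENGTH;

    out->yc = msg + 6;
    out->yc_len = yc_len;
    return CKE_OK_EXPLICIT;
}

/* Thin wrappers so callers (and tests) can check the verdict without a struct. */
cke_status classify(const uint8_t *msg, size_t msg_len, int client_cert_has_dh_key)
{
    dh_client_public pub;
    return parse_dhe_cke(msg, msg_len, client_cert_has_dh_key, &pub);
}

size_t explicit_yc_len(const uint8_t *msg, size_t msg_len)
{
    dh_client_public pub;
    if (parse_dhe_cke(msg, msg_len, 0, &pub) != CKE_OK_EXPLICIT)
        return 0;
    return pub.yc_len;
}

/* Constructed sample messages (not captured traffic). */
const uint8_t SAMPLE_EXPLICIT[]    = { 0x10, 0x00, 0x00, 0x04, 0x00, 0x02, 0xAB, 0xCD };
const uint8_t SAMPLE_ZERO_LENGTH[] = { 0x10, 0x00, 0x00, 0x00 };
const uint8_t SAMPLE_BAD_LENGTH[]  = { 0x10, 0x00, 0x00, 0x03, 0x00, 0x05, 0x01 };
const uint8_t SAMPLE_TRUNCATED[]   = { 0x10, 0x00, 0x00, 0x04, 0x00, 0x02 };

int main(void)
{
    printf("explicit Yc:              %d\n", classify(SAMPLE_EXPLICIT, sizeof SAMPLE_EXPLICIT, 0));
    printf("empty, no DH client cert: %d\n", classify(SAMPLE_ZERO_LENGTH, sizeof SAMPLE_ZERO_LENGTH, 0));
    printf("empty, fixed-DH cert:     %d\n", classify(SAMPLE_ZERO_LENGTH, sizeof SAMPLE_ZERO_LENGTH, 1));
    printf("bad Yc length:            %d\n", classify(SAMPLE_BAD_LENGTH, sizeof SAMPLE_BAD_LENGTH, 0));
    printf("truncated header:         %d\n", classify(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, 0));
    return 0;
}
```

The point of the `body_len == 0` branch is that the decision is made on the server's own certificate state, not on anything the client put on the wire; a peer that sends an empty CKE without having presented a fixed-DH certificate gets a fatal error instead of being handed to a code path that expects a key to exist.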
This issue affects OpenSSL version 1.0.2, and is fixed in version 1.0.2a.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Matt Caswell of the OpenSSL development team as the original reporter.
This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5, 6, and 7.