If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. This issue does not affect OpenSSL version 1.0.2.

External References: https://www.openssl.org/news/secadv/20170126.txt
Upstream commit: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=efbe126e3ebb9123ac9d058aa2bb044261342aaa

Write up from the original reporter: https://guidovranken.wordpress.com/2017/01/26/cve-2017-3730-openssl-1-1-0-remote-client-denial-of-service-affects-servers-as-well-poc/
This only affected OpenSSL 1.1.0, which is not currently included in any Red Hat product.