OpenSSL has two TLS-related programming errors that cause it to crash. The first causes OpenSSL to crash with a segmentation fault when it receives a TLS 1.0 Client Hello packet that contains a server name extension with server_name set to 0x00. The openssl program does not have TLS extension handling enabled by default; it has to be explicitly enabled at compile time. The second causes the SSL client implementation to crash with a segmentation fault, caused by a NULL pointer dereference, when the 'Server Key Exchange' message is omitted from the TLS handshake. The fault is present when Anonymous Diffie-Hellman key exchange is used.
http://www.securiteam.com/securitynews/5GP040AOKE.html
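
Strict validation of the server_name extension body before any code uses the host name is the defensive counterpart to the first error. The following is an added example, not OpenSSL's code or its fix: the layout follows RFC 6066, the function name, result codes and sample buffers are hypothetical, and rejecting empty or NUL-containing names is this example's assumption about the malformed case described above.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes are hypothetical names for this example. */
enum sni_result { SNI_OK, SNI_TRUNCATED, SNI_BAD_LENGTH, SNI_BAD_TYPE,
                  SNI_EMPTY_NAME, SNI_NUL_IN_NAME };

/* Constructed sample extension bodies (not captured traffic). */
static const uint8_t SAMPLE_OK[]    = {0x00,0x0a, 0x00, 0x00,0x07, 'e','x','a','m','p','l','e'};
static const uint8_t SAMPLE_NUL[]   = {0x00,0x04, 0x00, 0x00,0x01, 0x00};
static const uint8_t SAMPLE_EMPTY[] = {0x00,0x03, 0x00, 0x00,0x00};
static const uint8_t SAMPLE_SHORT[] = {0x00,0x04, 0x00, 0x00,0x09, 'A'};

/* Validate a server_name extension body laid out as in RFC 6066:
 *   uint16 list_len, then entries { uint8 name_type; uint16 name_len; name }.
 * On SNI_OK, *host and *host_len (if non-NULL) describe the first host_name. */
enum sni_result sni_validate(const uint8_t *buf, size_t len,
                             const uint8_t **host, size_t *host_len)
{
    size_t off = 2, list_len, name_len, i;
    int found = 0;

    if (buf == NULL || len < 2)
        return SNI_TRUNCATED;
    list_len = ((size_t)buf[0] << 8) | buf[1];
    if (list_len == 0 || list_len != len - 2)
        return SNI_BAD_LENGTH;
    while (off < len) {
        if (len - off < 3)
            return SNI_TRUNCATED;
        if (buf[off] != 0)                 /* only host_name(0) is defined */
            return SNI_BAD_TYPE;
        name_len = ((size_t)buf[off + 1] << 8) | buf[off + 2];
        off += 3;
        if (name_len == 0)
            return SNI_EMPTY_NAME;
        if (name_len > len - off)          /* never read past the buffer */
            return SNI_TRUNCATED;
        for (i = 0; i < name_len; i++)
            if (buf[off + i] == 0)         /* embedded NUL breaks C string use */
                return SNI_NUL_IN_NAME;
        if (!found && host != NULL && host_len != NULL) {
            *host = buf + off;
            *host_len = name_len;
        }
        found = 1;
        off += name_len;
    }
    return SNI_OK;
}
int main(void) { return sni_validate(SAMPLE_OK, sizeof SAMPLE_OK, NULL, NULL); }
```

The caller should abort the handshake with an alert on any result other than `SNI_OK` and must treat the returned name as a length-delimited buffer, not a C string.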
