A denial-of-service vulnerability exists in OpenSSL. The vulnerability is due to an error in SSL_peek() API that causes an infinite loop to occur when processing empty records. A remote, unauthenticated attacker can exploit this vulnerability by supplying an empty record during an SSL connection. Successful exploitation will cause the server application to use up 100% of its CPU resources, resulting in a denial-of-service condition.