Vulnerable versions are 3.5.0.1 to 3.5.8 (inclusive), which are
built with OpenSSL and configured for "SSL-Bump" decryption.
Integer overflows can lead to invalid pointer math reading from
random memory on some CPU architectures. In the best case this leads
to wrong TLS extensions being used for the client, worst-case a
crash of the proxy terminating all active transactions.
Incorrect message size checks and assumptions about the existence
of TLS extensions in the SSL/TLS handshake message can lead to very
high CPU consumption (up to and including 'infinite loop'
behaviour).
The above can be triggered remotely. Though there is one layer of
authorization applied before this processing to check that the
client is allowed to use the proxy, that check is generally weak. MS
Skype on Windows XP is known to trigger some of these.
The FreeBSD port does not use SSL by default and is not vulnerable
in the default configuration.