The Win32/64 binary releases contain vulnerable OpenSSL DLL files. All users are encouraged to upgrade to the latest version.
In-depth
From Secunia's advisory at http://secunia.com/advisories/35128/:
---
Description:
Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service).
1) The library does not limit the number of buffered DTLS records with a future epoch. This can be exploited to exhaust all available memory via specially crafted DTLS packets.
2) An error when processing DTLS messages can be exploited to exhaust all available memory by sending a large number of out of sequence handshake messages.
3) A use-after-free error in the "dtls1_retrieve_buffered_fragment()" function can be exploited to cause a crash in a client context.
4) An error in the "dtls1_process_out_of_seq_message()" function can be exploited to crash a DTLS server via a specially crafted out of sequence DTLS packet.
---
All versions prior to 1.1.37 are affected by these security vulnerabilities. The VooDoo cIRCle 1.1.37 binary releases for Win32/64 are not affected. Any build that uses an older OpenSSL library is vulnerable, on any platform and including custom builds. That is, both all binary-distributed versions of VooDoo cIRCle prior to 1.1.37 and any builds linked against a vulnerable OpenSSL library are affected by these vulnerabilities.
Update to the latest version, VooDoo cIRCle 1.1.37, which is not vulnerable.
Since the OpenSSL maintainers do not take security vulnerabilities seriously, since 16th May 2009 they have not released fixed source code. These four vulnerabilities are only fixed in CVS so far (!). It is recommended to download a snapshot of the CVS repository for the "branch" version 0.9.8-stable from the vendor's site at ftp://ftp.openssl.org/snapshot/, and build the library yourself.
All Windows users using binary builds are strongly encouraged to download the latest version of VooDoo cIRCle.
Time line
2009-05-18 - Received notification about four OpenSSL vulnerabilities from http://secunia.com/.
2009-10-12 - Release of VooDoo cIRCle 1.1.37, public disclosure - this advisory.
Changelog
2009-10-12 - Initial revision
Legal notice
Some names used in this document may be registered trademarks of their respective owners.