5

CVE-2014-3507

Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version0.9.8
OpenSSLOpenSSL Version0.9.8a
OpenSSLOpenSSL Version0.9.8b
OpenSSLOpenSSL Version0.9.8c
OpenSSLOpenSSL Version0.9.8d
OpenSSLOpenSSL Version0.9.8e
OpenSSLOpenSSL Version0.9.8f
OpenSSLOpenSSL Version0.9.8g
OpenSSLOpenSSL Version0.9.8h
OpenSSLOpenSSL Version0.9.8i
OpenSSLOpenSSL Version0.9.8j
OpenSSLOpenSSL Version0.9.8k
OpenSSLOpenSSL Version0.9.8l
OpenSSLOpenSSL Version0.9.8m
OpenSSLOpenSSL Version0.9.8m Updatebeta1
OpenSSLOpenSSL Version0.9.8n
OpenSSLOpenSSL Version0.9.8o
OpenSSLOpenSSL Version0.9.8p
OpenSSLOpenSSL Version0.9.8q
OpenSSLOpenSSL Version0.9.8r
OpenSSLOpenSSL Version0.9.8s
OpenSSLOpenSSL Version0.9.8t
OpenSSLOpenSSL Version0.9.8u
OpenSSLOpenSSL Version0.9.8v
OpenSSLOpenSSL Version0.9.8w
OpenSSLOpenSSL Version0.9.8x
OpenSSLOpenSSL Version0.9.8y
OpenSSLOpenSSL Version0.9.8za
OpenSSLOpenSSL Version1.0.0
OpenSSLOpenSSL Version1.0.0 Updatebeta1
OpenSSLOpenSSL Version1.0.0 Updatebeta2
OpenSSLOpenSSL Version1.0.0 Updatebeta3
OpenSSLOpenSSL Version1.0.0 Updatebeta4
OpenSSLOpenSSL Version1.0.0 Updatebeta5
OpenSSLOpenSSL Version1.0.0a
OpenSSLOpenSSL Version1.0.0b
OpenSSLOpenSSL Version1.0.0c
OpenSSLOpenSSL Version1.0.0d
OpenSSLOpenSSL Version1.0.0e
OpenSSLOpenSSL Version1.0.0f
OpenSSLOpenSSL Version1.0.0g
OpenSSLOpenSSL Version1.0.0h
OpenSSLOpenSSL Version1.0.0i
OpenSSLOpenSSL Version1.0.0j
OpenSSLOpenSSL Version1.0.0k
OpenSSLOpenSSL Version1.0.0l
OpenSSLOpenSSL Version1.0.0m
OpenSSLOpenSSL Version1.0.1
OpenSSLOpenSSL Version1.0.1 Updatebeta1
OpenSSLOpenSSL Version1.0.1 Updatebeta2
OpenSSLOpenSSL Version1.0.1 Updatebeta3
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 51.44% 0.988
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=142660345230545&w=2
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://security.gentoo.org/glsa/glsa-201412-39.xml
http://secunia.com/advisories/61184
http://www-01.ibm.com/support/docview.wss?uid=swg21683389
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
http://linux.oracle.com/errata/ELSA-2014-1052.html
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
http://marc.info/?l=bugtraq&m=140853041709441&w=2
http://marc.info/?l=bugtraq&m=141077370928502&w=2
http://secunia.com/advisories/58962
http://secunia.com/advisories/59700
http://secunia.com/advisories/59710
http://secunia.com/advisories/59743
http://secunia.com/advisories/59756
http://secunia.com/advisories/60022
http://secunia.com/advisories/60221
http://secunia.com/advisories/60493
http://secunia.com/advisories/60684
http://secunia.com/advisories/60778
http://secunia.com/advisories/60803
http://secunia.com/advisories/60824
http://secunia.com/advisories/60917
http://secunia.com/advisories/60921
http://secunia.com/advisories/60938
http://secunia.com/advisories/61040
http://secunia.com/advisories/61100
http://secunia.com/advisories/61250
http://secunia.com/advisories/61775
http://secunia.com/advisories/61959
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
http://www-01.ibm.com/support/docview.wss?uid=swg21682293
http://www-01.ibm.com/support/docview.wss?uid=swg21686997
http://www.debian.org/security/2014/dsa-2998
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2014:158
http://www.securitytracker.com/id/1030693
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html
https://www.openssl.org/news/secadv_20140806.txt
Vendor Advisory
http://secunia.com/advisories/61017
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc
http://www.securityfocus.com/bid/69078
https://bugzilla.redhat.com/show_bug.cgi?id=1127502
https://exchange.xforce.ibmcloud.com/vulnerabilities/95161
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74
https://kc.mcafee.com/corporate/index?page=content&id=SB10109