7.1
CVE-2014-3513
- EPSS 37.07%
- Veröffentlicht 19.10.2014 01:55:13
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 37.07% | 0.983 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 8.6 | 6.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://security.gentoo.org/glsa/glsa-201412-39.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://secunia.com/advisories/61959
http://www-01.ibm.com/support/docview.wss?uid=swg21686997
http://marc.info/?l=bugtraq&m=142495837901899&w=2
http://marc.info/?l=bugtraq&m=142624590206005&w=2
http://marc.info/?l=bugtraq&m=142791032306609&w=2
http://marc.info/?l=bugtraq&m=143290437727362&w=2
http://marc.info/?l=bugtraq&m=143290522027658&w=2
http://marc.info/?l=bugtraq&m=142118135300698&w=2
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
https://support.apple.com/HT205217
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc
http://advisories.mageia.org/MGASA-2014-0416.html
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html
http://marc.info/?l=bugtraq&m=142804214608580&w=2
http://marc.info/?l=bugtraq&m=143290583027876&w=2
http://rhn.redhat.com/errata/RHSA-2014-1652.html
http://rhn.redhat.com/errata/RHSA-2014-1692.html
http://secunia.com/advisories/59627
http://www.debian.org/security/2014/dsa-3053
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
https://kc.mcafee.com/corporate/index?page=content&id=SB10091
https://www.openssl.org/news/secadv_20141015.txt
http://marc.info/?l=bugtraq&m=142834685803386&w=2
http://secunia.com/advisories/61058
http://secunia.com/advisories/61073
http://secunia.com/advisories/61207
http://secunia.com/advisories/61298
http://secunia.com/advisories/61439
http://secunia.com/advisories/61837
http://secunia.com/advisories/61990
http://secunia.com/advisories/62070
http://www.securityfocus.com/bid/70584
http://www.securitytracker.com/id/1031052
http://www.ubuntu.com/usn/USN-2385-1
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2b0532f3984324ebe1236a63d15893792384328d
https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html