7.1

CVE-2014-3567

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version <= 0.9.8zb
OpenSSLOpenSSL Version1.0.0
OpenSSLOpenSSL Version1.0.0 Updatebeta1
OpenSSLOpenSSL Version1.0.0 Updatebeta2
OpenSSLOpenSSL Version1.0.0 Updatebeta3
OpenSSLOpenSSL Version1.0.0 Updatebeta4
OpenSSLOpenSSL Version1.0.0 Updatebeta5
OpenSSLOpenSSL Version1.0.0a
OpenSSLOpenSSL Version1.0.0b
OpenSSLOpenSSL Version1.0.0c
OpenSSLOpenSSL Version1.0.0d
OpenSSLOpenSSL Version1.0.0e
OpenSSLOpenSSL Version1.0.0f
OpenSSLOpenSSL Version1.0.0g
OpenSSLOpenSSL Version1.0.0h
OpenSSLOpenSSL Version1.0.0i
OpenSSLOpenSSL Version1.0.0j
OpenSSLOpenSSL Version1.0.0k
OpenSSLOpenSSL Version1.0.0l
OpenSSLOpenSSL Version1.0.0m
OpenSSLOpenSSL Version1.0.0n
OpenSSLOpenSSL Version1.0.1
OpenSSLOpenSSL Version1.0.1 Updatebeta1
OpenSSLOpenSSL Version1.0.1 Updatebeta2
OpenSSLOpenSSL Version1.0.1 Updatebeta3
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
OpenSSLOpenSSL Version1.0.1i
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 23.6% 0.975
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
https://support.citrix.com/article/CTX216642
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
http://support.apple.com/HT204244
http://security.gentoo.org/glsa/glsa-201412-39.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://secunia.com/advisories/61959
http://www-01.ibm.com/support/docview.wss?uid=swg21686997
http://marc.info/?l=bugtraq&m=142495837901899&w=2
http://marc.info/?l=bugtraq&m=142624590206005&w=2
http://marc.info/?l=bugtraq&m=142791032306609&w=2
http://marc.info/?l=bugtraq&m=143290437727362&w=2
http://marc.info/?l=bugtraq&m=143290522027658&w=2
http://rhn.redhat.com/errata/RHSA-2015-0126.html
http://marc.info/?l=bugtraq&m=142118135300698&w=2
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
https://support.apple.com/HT205217
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc
http://advisories.mageia.org/MGASA-2014-0416.html
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html
http://marc.info/?l=bugtraq&m=141477196830952&w=2
http://marc.info/?l=bugtraq&m=142103967620673&w=2
http://marc.info/?l=bugtraq&m=142804214608580&w=2
http://marc.info/?l=bugtraq&m=143290583027876&w=2
http://rhn.redhat.com/errata/RHSA-2014-1652.html
http://rhn.redhat.com/errata/RHSA-2014-1692.html
http://secunia.com/advisories/59627
http://secunia.com/advisories/61130
http://secunia.com/advisories/61819
http://www.debian.org/security/2014/dsa-3053
http://www.mandriva.com/security/advisories?name=MDVSA-2014:203
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
https://kc.mcafee.com/corporate/index?page=content&id=SB10091
https://www.openssl.org/news/secadv_20141015.txt
Vendor Advisory
http://marc.info/?l=bugtraq&m=142834685803386&w=2
http://secunia.com/advisories/61058
http://secunia.com/advisories/61073
http://secunia.com/advisories/61207
http://secunia.com/advisories/61298
http://secunia.com/advisories/61837
http://secunia.com/advisories/61990
http://secunia.com/advisories/62070
http://www.securitytracker.com/id/1031052
http://www.ubuntu.com/usn/USN-2385-1
http://secunia.com/advisories/62030
http://secunia.com/advisories/62124
http://www.securityfocus.com/bid/70586
http://www.splunk.com/view/SP-CAAANST
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=7fd4ce6a997be5f5c9e744ac527725c2850de203