CVE-2014-3470
- EPSS 91.4%
- Veröffentlicht 05.06.2014 21:55:07
- Zuletzt bearbeitet 12.04.2025 10:46:40
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereferen...
CVE-2014-0221
- EPSS 82.1%
- Veröffentlicht 05.06.2014 21:55:06
- Zuletzt bearbeitet 12.04.2025 10:46:40
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS...
CVE-2014-0198
- EPSS 30.89%
- Veröffentlicht 06.05.2014 10:44:05
- Zuletzt bearbeitet 12.04.2025 10:46:40
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL...
- EPSS 14.64%
- Veröffentlicht 14.04.2014 22:38:08
- Zuletzt bearbeitet 12.04.2025 10:46:40
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via...