Lucene search

[email protected]CVE-2014-3510

HistoryAug 13, 2014 - 11:55 p.m.

CVE-2014-3510

2014-08-1323:55:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

openssl

vulnerability

remote

denial of service

nvd

4.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.

CPENameOperatorVersion
openssl:opensslopenssleq0.9.8b
openssl:opensslopenssleq0.9.8m
openssl:opensslopenssleq1.0.1
openssl:opensslopenssleq0.9.8c
openssl:opensslopenssleq1.0.0c
openssl:opensslopenssleq1.0.0i
openssl:opensslopenssleq1.0.0
openssl:opensslopenssleq1.0.1h
openssl:opensslopenssleq0.9.8n
openssl:opensslopenssleq0.9.8p

CPE	Name	Operator	Version
openssl:openssl	openssl	eq	0.9.8b
openssl:openssl	openssl	eq	0.9.8m
openssl:openssl	openssl	eq	1.0.1
openssl:openssl	openssl	eq	0.9.8c
openssl:openssl	openssl	eq	1.0.0c
openssl:openssl	openssl	eq	1.0.0i
openssl:openssl	openssl	eq	1.0.0
openssl:openssl	openssl	eq	1.0.1h
openssl:openssl	openssl	eq	0.9.8n
openssl:openssl	openssl	eq	0.9.8p

Rows per page:

1-10 of 501

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc

aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc

linux.oracle.com/errata/ELSA-2014-1052.html

linux.oracle.com/errata/ELSA-2014-1053.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

lists.opensuse.org/opensuse-updates/2014-08/msg00036.html

marc.info/?l=bugtraq&m=140853041709441&w=2

marc.info/?l=bugtraq&m=141077370928502&w=2

marc.info/?l=bugtraq&m=142660345230545&w=2

rhn.redhat.com/errata/RHSA-2014-1256.html

rhn.redhat.com/errata/RHSA-2014-1297.html

secunia.com/advisories/58962

secunia.com/advisories/59221

secunia.com/advisories/59700

secunia.com/advisories/59710

secunia.com/advisories/59743

secunia.com/advisories/59756

secunia.com/advisories/60022

secunia.com/advisories/60221

secunia.com/advisories/60493

secunia.com/advisories/60684

secunia.com/advisories/60687

secunia.com/advisories/60778

secunia.com/advisories/60803

secunia.com/advisories/60824

secunia.com/advisories/60917

secunia.com/advisories/60921

secunia.com/advisories/60938

secunia.com/advisories/61017

secunia.com/advisories/61045

secunia.com/advisories/61100

secunia.com/advisories/61184

secunia.com/advisories/61250

secunia.com/advisories/61775

secunia.com/advisories/61959

security.gentoo.org/glsa/glsa-201412-39.xml

support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html

www-01.ibm.com/support/docview.wss?uid=nas8N1020240

www-01.ibm.com/support/docview.wss?uid=swg21682293

www-01.ibm.com/support/docview.wss?uid=swg21683389

www-01.ibm.com/support/docview.wss?uid=swg21686997

www.debian.org/security/2014/dsa-2998

www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm

www.mandriva.com/security/advisories?name=MDVSA-2014:158

www.securityfocus.com/bid/69082

www.securitytracker.com/id/1030693

bugzilla.redhat.com/show_bug.cgi?id=1127503

exchange.xforce.ibmcloud.com/vulnerabilities/95164

git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=17160033765480453be0a41335fa6b833691c049

lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html

www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc

www.openssl.org/news/secadv_20140806.txt

4.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON

CVE-2014-3510

References

Related