Lucene search

[email protected]CVE-2014-3513

HistoryOct 19, 2014 - 1:55 a.m.

CVE-2014-3513

2014-10-1901:55:00

CWE-20

[email protected]

web.nvd.nist.gov

108

cve-2014-3513

memory leak

d1_srtp.c

openssl

dtls

srtp

denial of service

nvd

4.2 Medium

AI Score

Confidence

High

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.862 High

EPSS

Percentile

98.5%

JSON

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.

CPENameOperatorVersion
openssl:opensslopenssleq1.0.1
openssl:opensslopenssleq1.0.1h
openssl:opensslopenssleq1.0.1c
openssl:opensslopenssleq1.0.1g
openssl:opensslopenssleq1.0.1a
openssl:opensslopenssleq1.0.1d
openssl:opensslopenssleq1.0.1b
openssl:opensslopenssleq1.0.1e
openssl:opensslopenssleq1.0.1f
openssl:opensslopenssleq1.0.1i

CPE	Name	Operator	Version
openssl:openssl	openssl	eq	1.0.1
openssl:openssl	openssl	eq	1.0.1h
openssl:openssl	openssl	eq	1.0.1c
openssl:openssl	openssl	eq	1.0.1g
openssl:openssl	openssl	eq	1.0.1a
openssl:openssl	openssl	eq	1.0.1d
openssl:openssl	openssl	eq	1.0.1b
openssl:openssl	openssl	eq	1.0.1e
openssl:openssl	openssl	eq	1.0.1f
openssl:openssl	openssl	eq	1.0.1i

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc

advisories.mageia.org/MGASA-2014-0416.html

aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc

lists.apple.com/archives/security-announce/2015/Sep/msg00002.html

lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html

lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html

marc.info/?l=bugtraq&m=142118135300698&w=2

marc.info/?l=bugtraq&m=142495837901899&w=2

marc.info/?l=bugtraq&m=142624590206005&w=2

marc.info/?l=bugtraq&m=142791032306609&w=2

marc.info/?l=bugtraq&m=142804214608580&w=2

marc.info/?l=bugtraq&m=142834685803386&w=2

marc.info/?l=bugtraq&m=143290437727362&w=2

marc.info/?l=bugtraq&m=143290522027658&w=2

marc.info/?l=bugtraq&m=143290583027876&w=2

rhn.redhat.com/errata/RHSA-2014-1652.html

rhn.redhat.com/errata/RHSA-2014-1692.html

secunia.com/advisories/59627

secunia.com/advisories/61058

secunia.com/advisories/61073

secunia.com/advisories/61207

secunia.com/advisories/61298

secunia.com/advisories/61439

secunia.com/advisories/61837

secunia.com/advisories/61959

secunia.com/advisories/61990

secunia.com/advisories/62070

security.gentoo.org/glsa/glsa-201412-39.xml

www-01.ibm.com/support/docview.wss?uid=swg21686997

www.debian.org/security/2014/dsa-3053

www.mandriva.com/security/advisories?name=MDVSA-2015:062

www.securityfocus.com/bid/70584

www.securitytracker.com/id/1031052

www.ubuntu.com/usn/USN-2385-1

blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6

git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2b0532f3984324ebe1236a63d15893792384328d

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

kc.mcafee.com/corporate/index?page=content&id=SB10091

support.apple.com/HT205217

support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html

www.openssl.org/news/secadv_20141015.txt

4.2 Medium

AI Score

Confidence

High

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.862 High

EPSS

Percentile

98.5%

JSON

CVE-2014-3513

References

Related