Lucene search

[email protected]CVE-2014-5139

HistoryAug 13, 2014 - 11:55 p.m.

CVE-2014-5139

2014-08-1323:55:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2014-5139

openssl

denial of service

ssl

nvd

3.6 Low

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.05 Low

EPSS

Percentile

92.8%

JSON

The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.

CPENameOperatorVersion
openssl:opensslopenssleq1.0.1
openssl:opensslopenssleq1.0.1h
openssl:opensslopenssleq1.0.1c
openssl:opensslopenssleq1.0.1g
openssl:opensslopenssleq1.0.1a
openssl:opensslopenssleq1.0.1d
openssl:opensslopenssleq1.0.1b
openssl:opensslopenssleq1.0.1e
openssl:opensslopenssleq1.0.1f

CPE	Name	Operator	Version
openssl:openssl	openssl	eq	1.0.1
openssl:openssl	openssl	eq	1.0.1h
openssl:openssl	openssl	eq	1.0.1c
openssl:openssl	openssl	eq	1.0.1g
openssl:openssl	openssl	eq	1.0.1a
openssl:openssl	openssl	eq	1.0.1d
openssl:openssl	openssl	eq	1.0.1b
openssl:openssl	openssl	eq	1.0.1e
openssl:openssl	openssl	eq	1.0.1f

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc

aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc

lists.opensuse.org/opensuse-updates/2014-08/msg00036.html

marc.info/?l=bugtraq&m=142350350616251&w=2

marc.info/?l=bugtraq&m=142495837901899&w=2

marc.info/?l=bugtraq&m=142624590206005&w=2

marc.info/?l=bugtraq&m=142624619906067

marc.info/?l=bugtraq&m=142624619906067&w=2

marc.info/?l=bugtraq&m=142624679706236&w=2

marc.info/?l=bugtraq&m=142624719706349&w=2

marc.info/?l=bugtraq&m=142660345230545&w=2

marc.info/?l=bugtraq&m=142791032306609&w=2

marc.info/?l=bugtraq&m=143290437727362&w=2

marc.info/?l=bugtraq&m=143290522027658&w=2

secunia.com/advisories/59700

secunia.com/advisories/59710

secunia.com/advisories/59756

secunia.com/advisories/60022

secunia.com/advisories/60221

secunia.com/advisories/60493

secunia.com/advisories/60803

secunia.com/advisories/60810

secunia.com/advisories/60917

secunia.com/advisories/60921

secunia.com/advisories/61017

secunia.com/advisories/61100

secunia.com/advisories/61171

secunia.com/advisories/61184

secunia.com/advisories/61392

secunia.com/advisories/61775

secunia.com/advisories/61959

security.gentoo.org/glsa/glsa-201412-39.xml

support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html

www-01.ibm.com/support/docview.wss?uid=nas8N1020240

www-01.ibm.com/support/docview.wss?uid=swg21682293

www-01.ibm.com/support/docview.wss?uid=swg21683389

www-01.ibm.com/support/docview.wss?uid=swg21686997

www.debian.org/security/2014/dsa-2998

www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm

www.securityfocus.com/bid/69077

www.securitytracker.com/id/1030693

www.tenable.com/security/tns-2014-06

git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=80bd7b41b30af6ee96f519e629463583318de3b0

git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=83764a989dcc87fbea337da5f8f86806fe767b7e

lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html

www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc

www.openssl.org/news/secadv_20140806.txt

3.6 Low

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.05 Low

EPSS

Percentile

92.8%

JSON

CVE-2014-5139

References

Related