Lucene search

[email protected]CVE-2014-9424

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-9424

2022-10-0316:20:40

[email protected]

web.nvd.nist.gov

cve-2014-9424

double free vulnerability

ssl_parse_clienthello_use_srtp_ext

d1_srtp.c

libressl

denial of service

dtls handshake

nvd

7.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.6%

JSON

Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake.

Affected configurations

NVD

Node

openbsdlibresslRange≤2.1.1

CPENameOperatorVersion
openbsd:libresslopenbsd libresslle2.1.1

CPE	Name	Operator	Version
openbsd:libressl	openbsd libressl	le	2.1.1

References

code.google.com/p/google-security-research/issues/detail?id=202

github.com/robertbachmann/openbsd-libssl/commit/62a110d447bb8c16a4c69629e28a42e8c39fd7e0

7.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.6%

JSON

Related for CVE-2014-9424

nvd1 prion1 cvelist1