Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD8AFF07EB-1DBD-11E4-B6BA-3C970E169BC2
HistoryAug 06, 2014 - 12:00 a.m.

OpenSSL -- multiple vulnerabilities

2014-08-0600:00:00
vuxml.freebsd.org
18

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.938 High

EPSS

Percentile

99.1%

JSON

The OpenSSL Project reports:

A flaw in OBJ_obj2txt may cause pretty printing functions
such as X509_name_oneline, X509_name_print_ex et al. to leak
some information from the stack. [CVE-2014-3508]
The issue affects OpenSSL clients and allows a malicious
server to crash the client with a null pointer dereference
(read) by specifying an SRP ciphersuite even though it was
not properly negotiated with the client. [CVE-2014-5139]
If a multithreaded client connects to a malicious server
using a resumed session and the server sends an ec point
format extension it could write up to 255 bytes to freed
memory. [CVE-2014-3509]
An attacker can force an error condition which causes
openssl to crash whilst processing DTLS packets due to
memory being freed twice. This can be exploited through
a Denial of Service attack. [CVE-2014-3505]
An attacker can force openssl to consume large amounts
of memory whilst processing DTLS handshake messages.
This can be exploited through a Denial of Service
attack. [CVE-2014-3506]
By sending carefully crafted DTLS packets an attacker
could cause openssl to leak memory. This can be exploited
through a Denial of Service attack. [CVE-2014-3507]
OpenSSL DTLS clients enabling anonymous (EC)DH
ciphersuites are subject to a denial of service attack.
A malicious server can crash the client with a null pointer
dereference (read) by specifying an anonymous (EC)DH
ciphersuite and sending carefully crafted handshake
messages. [CVE-2014-3510]
A flaw in the OpenSSL SSL/TLS server code causes the
server to negotiate TLS 1.0 instead of higher protocol
versions when the ClientHello message is badly
fragmented. This allows a man-in-the-middle attacker
to force a downgrade to TLS 1.0 even if both the server
and the client support a higher protocol version, by
modifying the client’s TLS records. [CVE-2014-3511]
A malicious client or server can send invalid SRP
parameters and overrun an internal buffer. Only
applications which are explicitly set up for SRP
use are affected. [CVE-2014-3512]

Related

nessus 46
ibm 41
mageia 1
aix 1
amazon 1
openvas 29
osv 1
debian 2
slackware 1
huawei 1
ubuntu 1
securityvulns 1
kaspersky 1
freebsd_advisory 1
redhat 4
oraclelinux 4
centos 2
altlinux 5
gentoo 1
f5 8
fedora 7
checkpoint_advisories 6
veracode 7
ubuntucve 7
cve 5
prion 5
debiancve 5
openssl 5
nessus
nessus
Amazon Linux AMI : openssl (ALAS-2014-391)
2014-10-12 00:00:00
FreeBSD : OpenSSL -- multiple vulnerabilities (8aff07eb-1dbd-11e4-b6ba-3c970e169bc2)
2014-08-07 00:00:00
WinSCP 5.x < 5.5.5 Multiple Vulnerabilities
2014-10-07 00:00:00
ibm
ibm
Security Bulletin: GPFS V3.5 for Windows is affected by OpenSSL vulnerabilities (CVE-2014-3512, CVE-2014-3509, CVE-2014-3506, CVE-2014-3507, CVE-2014-3511, CVE-2014-3505, CVE-2014-3510, CVE-2014-3508, CVE-2014-5139)
2021-06-25 16:46:35
Security Bulletin: Network Intrusion Prevention System is affected by multiple OpenSSL vulnerabilities (CVE-2014-3508, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3511)
2022-02-23 19:21:55
Security Bulletin: IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in OpenSSL
2019-10-18 03:50:04
mageia
mageia
Updated openssl packages fix security vulnerabilities
2014-08-12 13:16:46
aix
aix
AIX OpenSSL Denial of Service due to double free and others
2014-09-09 00:50:00
amazon
amazon
Medium: openssl
2014-08-07 12:26:00
openvas
openvas
Debian Security Advisory DSA 2998-1 (openssl - security update)
2014-08-07 00:00:00
Slackware: Security Advisory (SSA:2014-220-01)
2022-04-21 00:00:00
Mageia: Security Advisory (MGASA-2014-0325)
2022-01-28 00:00:00
osv
osv
openssl - security update
2014-08-07 00:00:00
debian
debian
[SECURITY] [DSA 2998-1] openssl security update
2014-08-06 23:44:13
[DLA 33-1] openssl security update
2014-08-07 20:36:09
slackware
slackware
[slackware-security] openssl
2014-08-08 21:22:00
huawei
huawei
Security Advisory-9 OpenSSL vulnerabilities on Huawei products
2014-10-08 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2014-08-07 00:00:00
securityvulns
securityvulns
OpenSSL multiple security vulnerabilities
2014-08-07 00:00:00
kaspersky
kaspersky
KLA10343 Multiple vulnerabilities in Stunnel
2014-08-07 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:18.openssl
2014-09-09 00:00:00
redhat
redhat
(RHSA-2014:1052) Moderate: openssl security update
2014-08-13 00:00:00
(RHSA-2014:1054) Moderate: openssl security update
2014-08-14 00:00:00
(RHSA-2014:1053) Moderate: openssl security update
2014-08-13 00:00:00
oraclelinux
oraclelinux
openssl security update
2014-08-13 00:00:00
openssl security update
2014-08-13 00:00:00
openssl security update
2014-10-16 00:00:00
centos
centos
openssl security update
2014-08-13 20:10:43
openssl security update
2014-08-13 19:52:24
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1j-alt1
2014-10-30 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2014-12-26 00:00:00
f5
f5
K15573 : OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507
2015-09-15 00:00:00
SOL15573 - OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507
2014-09-05 00:00:00
SOL15567 - OpenSSL vulnerability CVE-2014-5139
2014-09-05 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: mingw-openssl-1.0.1j-1.fc21
2015-01-02 05:06:53
[SECURITY] Fedora 20 Update: openssl-1.0.1e-39.fc20
2014-08-09 07:36:05
[SECURITY] Fedora 19 Update: openssl-1.0.1e-39.fc19
2014-08-09 07:34:58
checkpoint_advisories
checkpoint_advisories
OpenSSL TLS Missing SRP Extension Denial of Service (CVE-2014-5139)
2015-01-27 00:00:00
OpenSSL DTLS Handshake Double Free (CVE-2014-3505)
2014-09-30 00:00:00
OpenSSL Multiple Invalid SRP Parameters Buffer Overflow (CVE-2014-3512)
2014-12-25 00:00:00
veracode
veracode
Denial Of Service (DoS) Through Null Pointer Dereference
2017-02-06 05:58:10
Denial Of Service (DoS)
2017-02-07 00:49:39
Denial Of Service (DoS)
2019-01-15 08:59:12
ubuntucve
ubuntucve
CVE-2014-5139
2014-08-07 00:00:00
CVE-2014-3512
2014-08-07 00:00:00
CVE-2014-3505
2014-08-07 00:00:00
cve
cve
CVE-2014-3505
2014-08-13 23:55:00
CVE-2014-5139
2014-08-13 23:55:00
CVE-2014-3512
2014-08-13 23:55:00
prion
prion
Buffer overflow
2014-08-13 23:55:00
Null pointer dereference
2014-08-13 23:55:00
Double free
2014-08-13 23:55:00
debiancve
debiancve
CVE-2014-3512
2014-08-13 23:55:00
CVE-2014-5139
2014-08-13 23:55:00
CVE-2014-3505
2014-08-13 23:55:00
openssl
openssl
Vulnerability in OpenSSL CVE-2014-3512
2014-08-06 00:00:00
Vulnerability in OpenSSL CVE-2014-5139
2014-08-06 00:00:00
Vulnerability in OpenSSL CVE-2014-3505
2014-08-06 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.938 High

EPSS

Percentile

99.1%

JSON
Related for 8AFF07EB-1DBD-11E4-B6BA-3C970E169BC2
nessus46ibm41mageia1aix1amazon1openvas29osv1debian2slackware1huawei1ubuntu1securityvulns1kaspersky1freebsd_advisory1redhat4oraclelinux4centos2altlinux5gentoo1f58fedora7checkpoint_advisories6veracode7ubuntucve7cve5prion5debiancve5openssl5