OpenSSL < 0.9.8zb / < 1.0.0n / < 1.0.1i Multiple Vulnerabilities

OpenSSL before 0.9.8zb, 1.0.0n, or 1.0.1i are unpatched for the following vulnerabilities:

• A memory double-free error exists related to handling DTLS packets that allows denial of service attacks. (CVE-2014-3505)

• An unspecified error exists related to handling DTLS handshake messages that allows denial of service attacks due to large amounts of memory being consumed. (CVE-2014-3506)

• A memory leak error exists related to handling specially crafted DTLS packets that allows denial of service attacks. (CVE-2014-3507)

• An error exists related to ‘OBJ_obj2txt’ and the pretty printing ‘X509_name_*’ functions which leak stack data, resulting in an information disclosure. (CVE-2014-3508)

• A null pointer dereference error exists related to handling anonymous ECDH cipher suites and crafted handshake messages that allow denial of service attacks against clients. (CVE-2014-3510)

Additionally, several vulnerabilities specific to version 1.0.1 prior to 1.0.1i have been disclosed:

• Race condition in ssl_parse_serverhello_tlsext that can cause information disclosure in applications utilizing the OpenSSL library (CVE-2014-3509)

• An SRP buffer overrun was found that can be triggered by sending invalid SRP parameters (CVE-2014-3512)

• A flaw in the OpenSSL SSL/TLS server code can cause the server to negotiate TLS 1.0, even when higher protocol versions are supported, when the ClientHello message is badly fragmented (CVE-2014-3511)