Lucene search

K
opensslOpenSSLOPENSSL:CVE-2014-0198
HistoryApr 21, 2014 - 12:00 a.m.

Vulnerability in OpenSSL - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference

2014-04-2100:00:00
www.openssl-library.org
34

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

7.3

Confidence

High

EPSS

0.041

Percentile

92.2%

A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

Affected configurations

Vulners
Node
opensslopensslRange1.0.11.0.1h
OR
opensslopensslRange1.0.01.0.0m
VendorProductVersionCPE
opensslopenssl*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

7.3

Confidence

High

EPSS

0.041

Percentile

92.2%