Vulnerability in OpenSSL (CVE-2014-3513)

2014-10-15T00:00:00
ID OPENSSL:CVE-2014-3513
Type openssl
Reporter OpenSSL
Modified 2014-10-15T00:00:00

Description

A flaw in the DTLS SRTP extension parsing code allows an attacker who sends a carefully crafted handshake message to cause OpenSSL to fail to free up to 64k of memory, causing a memory leak. This could be exploited in a denial-of-service attack. The issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS, regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected. Reported by the LibreSSL project.