Lucene search

PRIOn knowledge basePRION:CVE-2014-3507

HistoryAug 13, 2014 - 11:55 p.m.

Memory corruption

2014-08-1323:55:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.936 High

EPSS

Percentile

99.1%

JSON

Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.

CPENameOperatorVersion
openssleq0.9.898
openssleq0.9.8109
openssleq1.0.1 beta2
openssleq0.9.899
openssleq1.0.99
openssleq1.0.105
openssleq1.0.0 beta1
openssleq1.0.1104
openssleq0.9.8110
openssleq1.0.0 beta2

Name	Operator	Version
openssl	eq	0.9.898
openssl	eq	0.9.8109
openssl	eq	1.0.1 beta2
openssl	eq	0.9.899
openssl	eq	1.0.99
openssl	eq	1.0.105
openssl	eq	1.0.0 beta1
openssl	eq	1.0.1104
openssl	eq	0.9.8110
openssl	eq	1.0.0 beta2

Rows per page:

1-10 of 591

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc

aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc

linux.oracle.com/errata/ELSA-2014-1052.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

lists.opensuse.org/opensuse-updates/2014-08/msg00036.html

secunia.com/advisories/58962

secunia.com/advisories/59700

secunia.com/advisories/59710

secunia.com/advisories/59743

secunia.com/advisories/59756

secunia.com/advisories/60022

secunia.com/advisories/60221

secunia.com/advisories/60493

secunia.com/advisories/60684

secunia.com/advisories/60778

secunia.com/advisories/60803

secunia.com/advisories/60824

secunia.com/advisories/60917

secunia.com/advisories/60921

secunia.com/advisories/60938

secunia.com/advisories/61017

secunia.com/advisories/61040

secunia.com/advisories/61100

secunia.com/advisories/61184

secunia.com/advisories/61250

secunia.com/advisories/61775

secunia.com/advisories/61959

security.gentoo.org/glsa/glsa-201412-39.xml

support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html

www-01.ibm.com/support/docview.wss?uid=nas8N1020240

www-01.ibm.com/support/docview.wss?uid=swg21682293

www-01.ibm.com/support/docview.wss?uid=swg21683389

www-01.ibm.com/support/docview.wss?uid=swg21686997

www.debian.org/security/2014/dsa-2998

www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm

www.mandriva.com/security/advisories?name=MDVSA-2014:158

www.securityfocus.com/bid/69078

www.securitytracker.com/id/1030693

bugzilla.redhat.com/show_bug.cgi?id=1127502

exchange.xforce.ibmcloud.com/vulnerabilities/95161

git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74

kc.mcafee.com/corporate/index?page=content&id=SB10109

lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

marc.info/?l=bugtraq&m=140853041709441&w=2

marc.info/?l=bugtraq&m=141077370928502&w=2

marc.info/?l=bugtraq&m=142660345230545&w=2

www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc

www.openssl.org/news/secadv_20140806.txt

6.9 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.936 High

EPSS

Percentile

99.1%

JSON

Memory corruption

References

Related