Lucene search

PRIOn knowledge basePRION:CVE-2014-3510

HistoryAug 13, 2014 - 11:55 p.m.

Null pointer dereference

2014-08-1323:55:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.0%

JSON

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.

CPENameOperatorVersion
openssleq0.9.898
openssleq0.9.8109
openssleq1.0.1 beta2
openssleq0.9.899
openssleq1.0.99
openssleq1.0.105
openssleq1.0.0 beta1
openssleq1.0.1104
openssleq0.9.8110
openssleq1.0.0 beta2

Name	Operator	Version
openssl	eq	0.9.898
openssl	eq	0.9.8109
openssl	eq	1.0.1 beta2
openssl	eq	0.9.899
openssl	eq	1.0.99
openssl	eq	1.0.105
openssl	eq	1.0.0 beta1
openssl	eq	1.0.1104
openssl	eq	0.9.8110
openssl	eq	1.0.0 beta2

Rows per page:

1-10 of 591

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc

aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc

linux.oracle.com/errata/ELSA-2014-1052.html

linux.oracle.com/errata/ELSA-2014-1053.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

lists.opensuse.org/opensuse-updates/2014-08/msg00036.html

rhn.redhat.com/errata/RHSA-2014-1256.html

rhn.redhat.com/errata/RHSA-2014-1297.html

secunia.com/advisories/58962

secunia.com/advisories/59221

secunia.com/advisories/59700

secunia.com/advisories/59710

secunia.com/advisories/59743

secunia.com/advisories/59756

secunia.com/advisories/60022

secunia.com/advisories/60221

secunia.com/advisories/60493

secunia.com/advisories/60684

secunia.com/advisories/60687

secunia.com/advisories/60778

secunia.com/advisories/60803

secunia.com/advisories/60824

secunia.com/advisories/60917

secunia.com/advisories/60921

secunia.com/advisories/60938

secunia.com/advisories/61017

secunia.com/advisories/61045

secunia.com/advisories/61100

secunia.com/advisories/61184

secunia.com/advisories/61250

secunia.com/advisories/61775

secunia.com/advisories/61959

security.gentoo.org/glsa/glsa-201412-39.xml

support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html

www-01.ibm.com/support/docview.wss?uid=nas8N1020240

www-01.ibm.com/support/docview.wss?uid=swg21682293

www-01.ibm.com/support/docview.wss?uid=swg21683389

www-01.ibm.com/support/docview.wss?uid=swg21686997

www.debian.org/security/2014/dsa-2998

www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm

www.mandriva.com/security/advisories?name=MDVSA-2014:158

www.securityfocus.com/bid/69082

www.securitytracker.com/id/1030693

bugzilla.redhat.com/show_bug.cgi?id=1127503

exchange.xforce.ibmcloud.com/vulnerabilities/95164

git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=17160033765480453be0a41335fa6b833691c049

lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

marc.info/?l=bugtraq&m=140853041709441&w=2

marc.info/?l=bugtraq&m=141077370928502&w=2

marc.info/?l=bugtraq&m=142660345230545&w=2

www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc

www.openssl.org/news/secadv_20140806.txt

6.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.0%

JSON

Null pointer dereference

References

Related