Lucene search

PRIOn knowledge basePRION:CVE-2014-3571

HistoryJan 09, 2015 - 2:59 a.m.

Null pointer dereference

2015-01-0902:59:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.716 High

EPSS

Percentile

98.0%

JSON

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.

CPENameOperatorVersion
openssleq1.0.1106
openssleq1.0.110
openssleq1.0.99
openssleq1.0.105
openssleq1.0.1104
openssleq1.0.109
openssleq1.0.199
openssleq1.0.1103
openssleq1.0.104
openssleq1.0.101

Name	Operator	Version
openssl	eq	1.0.1106
openssl	eq	1.0.110
openssl	eq	1.0.99
openssl	eq	1.0.105
openssl	eq	1.0.1104
openssl	eq	1.0.109
openssl	eq	1.0.199
openssl	eq	1.0.1103
openssl	eq	1.0.104
openssl	eq	1.0.101

Rows per page:

1-10 of 261

References

lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

rhn.redhat.com/errata/RHSA-2015-0066.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

www.debian.org/security/2015/dsa-3125

www.mandriva.com/security/advisories?name=MDVSA-2015:019

www.mandriva.com/security/advisories?name=MDVSA-2015:062

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

www.securityfocus.com/bid/71937

www.securitytracker.com/id/1033378

bto.bluecoat.com/security-advisory/sa88

github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b

github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d

kc.mcafee.com/corporate/index?page=content&id=SB10102

kc.mcafee.com/corporate/index?page=content&id=SB10108

lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html

lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html

marc.info/?l=bugtraq&m=142496179803395&w=2

marc.info/?l=bugtraq&m=142496289803847&w=2

marc.info/?l=bugtraq&m=142721102728110&w=2

marc.info/?l=bugtraq&m=142895206924048&w=2

marc.info/?l=bugtraq&m=143748090628601&w=2

marc.info/?l=bugtraq&m=144050155601375&w=2

marc.info/?l=bugtraq&m=144050205101530&w=2

marc.info/?l=bugtraq&m=144050254401665&w=2

marc.info/?l=bugtraq&m=144050297101809&w=2

support.apple.com/HT204659

www.openssl.org/news/secadv_20150108.txt

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.716 High

EPSS

Percentile

98.0%

JSON

Null pointer dereference

References

Related