openssl: DTLS anonymous (EC)DH denial of service

🗓️ 13 Aug 2014 21:32:03Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 3 Views

OpenSSL DTLS anonymous EC DH handshake flaw causes NULL pointer dereference and client crash.

Reporter	Title	Published	Views	Family All 233
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenSSL affect Lenovo SAN Volume Controller and Storwize Family (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511)	29 Mar 202301:48	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Open SSL, OpenSSH and curl affect the Integrated Management Module II (IMM2)	31 Jan 201901:35	–	ibm
IBM Security Bulletins	IBM Security Network Protection / IBM QRadar Network Security / XGS Technote Index	31 Jan 202100:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple potential vulnerabilities in OpenSSL fixed in Chassis Management Module (CMM) (CVE-2014-3509, CVE-2014-3506, CVE-2014-3507, CVE-2014-3511, CVE-2014-3505, CVE-2014-3510, CVE-2014-3508)	31 Jan 201901:35	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities disclosed by OpenSSL project on August 6, 2014 that impact DataPower (CVE-2014-3508 and CVE-2014-3511)	20 Mar 202001:26	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect Upward Integration Modules (UIM) (CVE-2014-3508, CVE-2014-5139, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512)	31 Jan 201901:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors	17 Jun 201814:50	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Open SSL affects IBM System Networking products	31 Jan 201901:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM) (CVE-2014-3508, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, and CVE-2014-3511)	31 Jan 201902:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect Flex System FC3171 8Gb SAN Switch and Flex System FC3171 8Gb SAN Pass-thru	31 Jan 201901:55	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	ppc	openssl	0:1.0.1e-16.el6_5.15	openssl-0:1.0.1e-16.el6_5.15.ppc.rpm
Red Hat Enterprise Linux	6	ppc64	openssl	0:1.0.1e-16.el6_5.15	openssl-0:1.0.1e-16.el6_5.15.ppc64.rpm
Red Hat Enterprise Linux	6	s390	openssl	0:1.0.1e-16.el6_5.15	openssl-0:1.0.1e-16.el6_5.15.s390.rpm
Red Hat Enterprise Linux	6	s390x	openssl	0:1.0.1e-16.el6_5.15	openssl-0:1.0.1e-16.el6_5.15.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	openssl	0:1.0.1e-16.el6_5.15	openssl-0:1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux	6	any	openssl	0:1.0.1e-16.el6_5.15.i686	openssl-0:1.0.1e-16.el6_5.15.i686.noarch.rpm
Red Hat Enterprise Linux	7	ppc64	openssl	1:1.0.1e-34.el7_0.4	openssl-1:1.0.1e-34.el7_0.4.ppc64.rpm
Red Hat Enterprise Linux	7	s390x	openssl	1:1.0.1e-34.el7_0.4	openssl-1:1.0.1e-34.el7_0.4.s390x.rpm
Red Hat Enterprise Linux	7	x86_64	openssl	1:1.0.1e-34.el7_0.4	openssl-1:1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux	6	ppc	openssl-debuginfo	0:1.0.1e-16.el6_5.15	openssl-debuginfo-0:1.0.1e-16.el6_5.15.ppc.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2014-3510
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2014-3510
cve	www.cve.org/CVERecord
openssl	www.openssl.org/news/secadv_20140806.txt

25 Jun 2026 10:41Current

6.6Medium risk

Vulners AI Score6.6

CVSS 24.3

EPSS0.16946

anonymous diffie hellman elliptic curve null pointer crash