Lucene search
Ubuntu.comUB:CVE-2014-3569HistoryDec 24, 2014 - 12:00 a.m.
CVE-2014-3569
2014-12-2400:00:00
ubuntu.com
ubuntu.com
11
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.891 High
EPSS
Percentile
98.7%
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc,
1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported
protocols, which allows remote attackers to cause a denial of service (NULL
pointer dereference and daemon crash) via an unexpected handshake, as
demonstrated by an SSLv3 handshake to a no-ssl3 application with certain
error handling. NOTE: this issue became relevant after the CVE-2014-3568
fix.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | Ubuntu packages aren’t compiled with no-ssl3, so aren’t actually vulnerable to this issue. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 17.10 | noarch | openssl | < 1.0.1f-1ubuntu10 | UNKNOWN |
| ubuntu | 18.04 | noarch | openssl | < 1.0.1f-1ubuntu10 | UNKNOWN |
| ubuntu | 18.10 | noarch | openssl | < 1.0.1f-1ubuntu10 | UNKNOWN |
| ubuntu | 19.04 | noarch | openssl | < 1.0.1f-1ubuntu10 | UNKNOWN |
| ubuntu | 10.04 | noarch | openssl | < 0.9.8k-7ubuntu8.23 | UNKNOWN |
| ubuntu | 12.04 | noarch | openssl | < 1.0.1-4ubuntu5.21 | UNKNOWN |
| ubuntu | 14.04 | noarch | openssl | < 1.0.1f-1ubuntu2.8 | UNKNOWN |
| ubuntu | 14.10 | noarch | openssl | < 1.0.1f-1ubuntu9.1 | UNKNOWN |
| ubuntu | 15.04 | noarch | openssl | < 1.0.1f-1ubuntu10 | UNKNOWN |
| ubuntu | 15.10 | noarch | openssl | < 1.0.1f-1ubuntu10 | UNKNOWN |
Related
prion
prion
Null pointer dereference
2014-12-24 11:59:00
Design/Logic Flaw
2014-10-19 01:55:00
f5
f5
SOL16013 - OpenSSL vulnerability CVE-2014-3569
2015-01-28 00:00:00
K16013 : OpenSSL vulnerability CVE-2014-3569
2015-01-29 00:00:00
SOL15724 - OpenSSL vulnerability CVE-2014-3568
2014-10-23 00:00:00
cve
cve
debiancve
debiancve
CVE-2014-3569
2014-12-24 11:59:00
CVE-2014-3568
2014-10-19 01:55:00
veracode
veracode
Denial Of Service (DoS) Through Null Pointer Dereference
2017-02-06 08:21:22
Access Restriction Bypass
2017-02-06 08:45:07
osv
osv
openssl - security update
2014-11-01 00:00:00
openssl - security update
2014-10-16 00:00:00
openssl - security update
2015-01-11 00:00:00
nessus
nessus
Debian DLA-81-1 : openssl security update
2015-03-26 00:00:00
SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2014:1512-1) (POODLE)
2015-05-20 00:00:00
Amazon Linux AMI : openssl (ALAS-2014-427)
2014-10-16 00:00:00
debian
debian
[SECURITY] [DLA 81-1] openssl security update
2014-11-01 15:49:46
[SECURITY] [DSA 3053-1] openssl security update
2014-10-16 15:48:24
[SECURITY] [DSA 3125-1] openssl security update
2015-01-11 11:05:13
openvas
openvas
Debian: Security Advisory (DLA-81-1)
2023-03-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-469)
2015-09-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-427)
2015-09-08 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL ssl23_get_client_hello Function Denial of Service (CVE-2014-3569)
2015-01-12 00:00:00
ubuntucve
ubuntucve
CVE-2014-3568
2014-10-19 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2014-3569
2014-10-21 00:00:00
Vulnerability in OpenSSL CVE-2014-3568
2014-10-15 00:00:00
suse
suse
Security update for OpenSSL (important)
2014-11-12 19:05:00
Security update for OpenSSL (important)
2014-11-13 01:04:46
Security update for OpenSSL (important)
2014-11-05 23:04:47
ibm
ibm
amazon
amazon
Medium: openssl
2015-01-11 12:36:00
Important: openssl
2014-10-15 16:14:00
securityvulns
securityvulns
[slackware-security] openssl (SSA:2014-288-01)
2014-10-17 00:00:00
OpenSSL multiple security vulnerabilities
2014-12-09 00:00:00
OpenSSL multiple security vulnerabilities
2015-01-13 00:00:00
archlinux
archlinux
openssl: denial of service / man-in-the-middle / poodle mitigation
2014-10-16 00:00:00
openssl: multiple issues
2015-01-09 00:00:00
kaspersky
kaspersky
KLA10359 Vulnerability in Tableau
2014-07-18 00:00:00
KLA10460 Multiple vulnerabilities in OpenSSL
2015-01-08 00:00:00
KLA10452 Multiple vulnerabilities in VMware products
2015-01-27 00:00:00
slackware
slackware
[slackware-security] openssl
2014-10-15 17:58:22
[slackware-security] openssl
2015-01-09 18:34:39
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2014-10-15 00:00:00
OpenSSL -- multiple vulnerabilities
2015-01-08 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:23.openssl
2014-10-21 00:00:00
FreeBSD-SA-15:01.openssl
2015-01-14 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.1k-alt1
2015-01-12 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1k-alt1
2015-01-12 00:00:00
vmware
vmware
cisco
cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
2015-03-10 16:00:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2015-01-11 22:54:28
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.891 High
EPSS
Percentile
98.7%
Related for UB:CVE-2014-3569