CVE-2014-0198CVE-2014-0198

Affected configuration(s):

cpe:/a:openssl:openssl:1.0.0
cpe:/a:openssl:openssl:1.0.0:beta1
cpe:/a:openssl:openssl:1.0.0:beta2
cpe:/a:openssl:openssl:1.0.0:beta3
cpe:/a:openssl:openssl:1.0.0:beta4
cpe:/a:openssl:openssl:1.0.0:beta5
cpe:/a:openssl:openssl:1.0.0a
cpe:/a:openssl:openssl:1.0.0b
cpe:/a:openssl:openssl:1.0.0c
cpe:/a:openssl:openssl:1.0.0d
cpe:/a:openssl:openssl:1.0.0e
cpe:/a:openssl:openssl:1.0.0f
cpe:/a:openssl:openssl:1.0.0g
cpe:/a:openssl:openssl:1.0.0h
cpe:/a:openssl:openssl:1.0.0i
cpe:/a:openssl:openssl:1.0.0j
cpe:/a:openssl:openssl:1.0.0k
cpe:/a:openssl:openssl:1.0.0l
cpe:/a:openssl:openssl:1.0.1
cpe:/a:openssl:openssl:1.0.1:beta1
cpe:/a:openssl:openssl:1.0.1:beta2
cpe:/a:openssl:openssl:1.0.1:beta3
cpe:/a:openssl:openssl:1.0.1a
cpe:/a:openssl:openssl:1.0.1b
cpe:/a:openssl:openssl:1.0.1c
cpe:/a:openssl:openssl:1.0.1d
cpe:/a:openssl:openssl:1.0.1e
cpe:/a:openssl:openssl:1.0.1f
cpe:/a:openssl:openssl:1.0.1g

Date published: 2014-05-06T06:44:05.470-04:00

Date last modified: 2017-11-14T21:29:02.923-05:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://advisories.mageia.org/MGASA-2014-0204.html

Summary: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.