CVE-2014-3567CVE-2014-3567

Affected configuration(s):

cpe:/a:openssl:openssl:0.9.8zb
cpe:/a:openssl:openssl:1.0.0
cpe:/a:openssl:openssl:1.0.0:beta1
cpe:/a:openssl:openssl:1.0.0:beta2
cpe:/a:openssl:openssl:1.0.0:beta3
cpe:/a:openssl:openssl:1.0.0:beta4
cpe:/a:openssl:openssl:1.0.0:beta5
cpe:/a:openssl:openssl:1.0.0a
cpe:/a:openssl:openssl:1.0.0b
cpe:/a:openssl:openssl:1.0.0c
cpe:/a:openssl:openssl:1.0.0d
cpe:/a:openssl:openssl:1.0.0e
cpe:/a:openssl:openssl:1.0.0f
cpe:/a:openssl:openssl:1.0.0g
cpe:/a:openssl:openssl:1.0.0h
cpe:/a:openssl:openssl:1.0.0i
cpe:/a:openssl:openssl:1.0.0j
cpe:/a:openssl:openssl:1.0.0k
cpe:/a:openssl:openssl:1.0.0l
cpe:/a:openssl:openssl:1.0.0m
cpe:/a:openssl:openssl:1.0.0n
cpe:/a:openssl:openssl:1.0.1
cpe:/a:openssl:openssl:1.0.1:beta1
cpe:/a:openssl:openssl:1.0.1:beta2
cpe:/a:openssl:openssl:1.0.1:beta3
cpe:/a:openssl:openssl:1.0.1a
cpe:/a:openssl:openssl:1.0.1b
cpe:/a:openssl:openssl:1.0.1c
cpe:/a:openssl:openssl:1.0.1d
cpe:/a:openssl:openssl:1.0.1e
cpe:/a:openssl:openssl:1.0.1f
cpe:/a:openssl:openssl:1.0.1g
cpe:/a:openssl:openssl:1.0.1h
cpe:/a:openssl:openssl:1.0.1i

Date published: 2014-10-18T21:55:13.933-04:00

Date last modified: 2017-11-14T21:29:04.890-05:00

CVSS Score: 7.1

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc

Summary: Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.