Lucene search

RedhatCVE-2014-3509

HistoryAug 13, 2014 - 11:55 p.m.

CVE-2014-3509

2014-08-1323:55:07

CWE-362

redhat

web.nvd.nist.gov

cve

2014

3509

race condition

ssl

openssl

denial of service

memory overwrite

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

High

EPSS

0.024

Percentile

90.0%

JSON

Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.

Affected configurations

Nvd

Node

opensslopensslMatch1.0.0

opensslopensslMatch1.0.0beta1

opensslopensslMatch1.0.0beta2

opensslopensslMatch1.0.0beta3

opensslopensslMatch1.0.0beta4

opensslopensslMatch1.0.0beta5

opensslopensslMatch1.0.0a

opensslopensslMatch1.0.0b

opensslopensslMatch1.0.0c

opensslopensslMatch1.0.0d

opensslopensslMatch1.0.0e

opensslopensslMatch1.0.0f

opensslopensslMatch1.0.0g

opensslopensslMatch1.0.0h

opensslopensslMatch1.0.0i

opensslopensslMatch1.0.0j

opensslopensslMatch1.0.0k

opensslopensslMatch1.0.0l

opensslopensslMatch1.0.0m

opensslopensslMatch1.0.1

opensslopensslMatch1.0.1beta1

opensslopensslMatch1.0.1beta2

opensslopensslMatch1.0.1beta3

opensslopensslMatch1.0.1a

opensslopensslMatch1.0.1b

opensslopensslMatch1.0.1c

opensslopensslMatch1.0.1d

opensslopensslMatch1.0.1e

opensslopensslMatch1.0.1f

opensslopensslMatch1.0.1g

opensslopensslMatch1.0.1h

VendorProductVersionCPE
opensslopenssl1.0.0cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
opensslopenssl1.0.0cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
opensslopenssl1.0.0cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
opensslopenssl1.0.0cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
opensslopenssl1.0.0cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
opensslopenssl1.0.0cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
opensslopenssl1.0.0acpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
opensslopenssl1.0.0bcpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
opensslopenssl1.0.0ccpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
opensslopenssl1.0.0dcpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openssl	openssl	1.0.0	cpe:2.3:a:openssl:openssl:1.0.0:::::::*
openssl	openssl	1.0.0	cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::
openssl	openssl	1.0.0	cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::
openssl	openssl	1.0.0	cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::
openssl	openssl	1.0.0	cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::
openssl	openssl	1.0.0	cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::
openssl	openssl	1.0.0a	cpe:2.3:a:openssl:openssl:1.0.0a:::::::*
openssl	openssl	1.0.0b	cpe:2.3:a:openssl:openssl:1.0.0b:::::::*
openssl	openssl	1.0.0c	cpe:2.3:a:openssl:openssl:1.0.0c:::::::*
openssl	openssl	1.0.0d	cpe:2.3:a:openssl:openssl:1.0.0d:::::::*

Rows per page:

1-10 of 311

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc

aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc

linux.oracle.com/errata/ELSA-2014-1052.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

lists.opensuse.org/opensuse-updates/2014-08/msg00036.html

marc.info/?l=bugtraq&m=142350350616251&w=2

marc.info/?l=bugtraq&m=142495837901899&w=2

marc.info/?l=bugtraq&m=142624590206005&w=2

marc.info/?l=bugtraq&m=142660345230545&w=2

marc.info/?l=bugtraq&m=142791032306609&w=2

marc.info/?l=bugtraq&m=143290437727362&w=2

marc.info/?l=bugtraq&m=143290522027658&w=2

rhn.redhat.com/errata/RHSA-2015-0197.html

secunia.com/advisories/58962

secunia.com/advisories/59700

secunia.com/advisories/59710

secunia.com/advisories/59756

secunia.com/advisories/60022

secunia.com/advisories/60221

secunia.com/advisories/60493

secunia.com/advisories/60684

secunia.com/advisories/60803

secunia.com/advisories/60917

secunia.com/advisories/60921

secunia.com/advisories/60938

secunia.com/advisories/61017

secunia.com/advisories/61100

secunia.com/advisories/61139

secunia.com/advisories/61184

secunia.com/advisories/61775

secunia.com/advisories/61959

security.gentoo.org/glsa/glsa-201412-39.xml

www-01.ibm.com/support/docview.wss?uid=nas8N1020240

www-01.ibm.com/support/docview.wss?uid=swg21682293

www-01.ibm.com/support/docview.wss?uid=swg21683389

www-01.ibm.com/support/docview.wss?uid=swg21686997

www.debian.org/security/2014/dsa-2998

www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm

www.mandriva.com/security/advisories?name=MDVSA-2014:158

www.securityfocus.com/bid/69084

www.securitytracker.com/id/1030693

bugzilla.redhat.com/show_bug.cgi?id=1127498

exchange.xforce.ibmcloud.com/vulnerabilities/95159

git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=fb0bc2b273bcc2d5401dd883fe869af4fc74bb21

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html

support.citrix.com/article/CTX216642

techzone.ergon.ch/CVE-2014-3511

www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc

www.openssl.org/news/secadv_20140806.txt

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

High

EPSS

0.024

Percentile

90.0%

JSON

CVE-2014-3509

Affected configurations

References

Related