Lucene search

RedhatCVE-2014-3512

HistoryAug 13, 2014 - 11:55 p.m.

CVE-2014-3512

2014-08-1323:55:07

CWE-119

redhat

web.nvd.nist.gov

cve

buffer overflow

openssl

srp

denial of service

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

4.9

Confidence

High

EPSS

0.873

Percentile

98.7%

JSON

Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.

Affected configurations

Nvd

Node

opensslopensslMatch1.0.0

opensslopensslMatch1.0.0beta1

opensslopensslMatch1.0.0beta2

opensslopensslMatch1.0.0beta3

opensslopensslMatch1.0.0beta4

opensslopensslMatch1.0.0beta5

opensslopensslMatch1.0.0a

opensslopensslMatch1.0.0b

opensslopensslMatch1.0.0c

opensslopensslMatch1.0.0d

opensslopensslMatch1.0.0e

opensslopensslMatch1.0.0f

opensslopensslMatch1.0.0g

opensslopensslMatch1.0.0h

opensslopensslMatch1.0.0i

opensslopensslMatch1.0.0j

opensslopensslMatch1.0.0k

opensslopensslMatch1.0.0l

opensslopensslMatch1.0.0m

opensslopensslMatch1.0.1

opensslopensslMatch1.0.1beta1

opensslopensslMatch1.0.1beta2

opensslopensslMatch1.0.1beta3

opensslopensslMatch1.0.1a

opensslopensslMatch1.0.1b

opensslopensslMatch1.0.1c

opensslopensslMatch1.0.1d

opensslopensslMatch1.0.1e

opensslopensslMatch1.0.1f

opensslopensslMatch1.0.1g

opensslopensslMatch1.0.1h

VendorProductVersionCPE
opensslopenssl1.0.0cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
opensslopenssl1.0.0cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
opensslopenssl1.0.0cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
opensslopenssl1.0.0cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
opensslopenssl1.0.0cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
opensslopenssl1.0.0cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
opensslopenssl1.0.0acpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
opensslopenssl1.0.0bcpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
opensslopenssl1.0.0ccpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
opensslopenssl1.0.0dcpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openssl	openssl	1.0.0	cpe:2.3:a:openssl:openssl:1.0.0:::::::*
openssl	openssl	1.0.0	cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::
openssl	openssl	1.0.0	cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::
openssl	openssl	1.0.0	cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::
openssl	openssl	1.0.0	cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::
openssl	openssl	1.0.0	cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::
openssl	openssl	1.0.0a	cpe:2.3:a:openssl:openssl:1.0.0a:::::::*
openssl	openssl	1.0.0b	cpe:2.3:a:openssl:openssl:1.0.0b:::::::*
openssl	openssl	1.0.0c	cpe:2.3:a:openssl:openssl:1.0.0c:::::::*
openssl	openssl	1.0.0d	cpe:2.3:a:openssl:openssl:1.0.0d:::::::*