Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K15573
HistorySep 15, 2015 - 12:00 a.m.

K15573 : OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507

2015-09-1500:00:00
my.f5.com
35

AI Score

5

Confidence

High

EPSS

0.919

Percentile

99.0%

JSON

Security Advisory Description

Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.

d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.

Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.

Impact

Remote attackers may be able to cause a denial-of-service (DoS) via crafted Datagram Transport Layer Security (DTLS) packets.

Related

f5 1
ibm 30
nessus 46
openvas 35
debian 2
oraclelinux 8
redhat 3
centos 2
cve 3
checkpoint_advisories 4
slackware 1
kaspersky 1
securityvulns 2
osv 3
ubuntu 1
huawei 1
cvelist 3
nvd 3
veracode 4
ubuntucve 3
openssl 3
prion 3
debiancve 3
mageia 1
freebsd 1
aix 1
amazon 1
fedora 8
altlinux 5
freebsd_advisory 1
gentoo 1
suse 1
lenovo 2
f5
f5
SOL15573 - OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507
2014-09-05 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in Open SSL affects IBM System Networking products
2019-01-31 01:45:01
Security Bulletin: Multiple vulnerabilities in OpenSSL affect MegaRAID Storage Manager (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3567)
2019-01-31 01:55:01
Security Bulletin: Network Protection is affected by multiple OpenSSL vulnerabilities (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3511)
2018-06-16 21:19:45
nessus
nessus
OpenSSL 0.9.8 < 0.9.8zb Multiple Vulnerabilities
2014-08-08 00:00:00
Debian DLA-33-1 : openssl security update
2015-03-26 00:00:00
SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 9598)
2014-08-21 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-33-1)
2023-03-08 00:00:00
OpenSSL Multiple Vulnerabilities (20140806 - 1) - Linux
2021-07-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1049-1)
2021-06-09 00:00:00
debian
debian
[DLA 33-1] openssl security update
2014-08-07 20:36:09
[SECURITY] [DSA 2998-1] openssl security update
2014-08-06 23:44:13
oraclelinux
oraclelinux
openssl security update
2014-08-13 00:00:00
openssl security update
2014-08-13 00:00:00
openssl security update
2014-10-16 00:00:00
redhat
redhat
(RHSA-2014:1052) Moderate: openssl security update
2014-08-13 00:00:00
(RHSA-2014:1054) Moderate: openssl security update
2014-08-14 00:00:00
(RHSA-2014:1053) Moderate: openssl security update
2014-08-13 00:00:00
centos
centos
openssl security update
2014-08-13 20:10:43
openssl security update
2014-08-13 19:52:24
cve
cve
CVE-2014-3505
2014-08-13 23:55:07
CVE-2014-3507
2014-08-13 23:55:07
CVE-2014-3506
2014-08-13 23:55:07
checkpoint_advisories
checkpoint_advisories
OpenSSL DTLS Handshake Double Free (CVE-2014-3505)
2014-09-30 00:00:00
OpenSSL DTLS Handshake Memory Exhaustion (CVE-2014-3506)
2014-09-28 00:00:00
OpenSSL dtls1_process_out_of_seq_message Denial of Service (CVE-2014-3507)
2014-10-07 00:00:00
slackware
slackware
[slackware-security] openssl
2014-08-08 21:22:00
kaspersky
kaspersky
KLA10343 Multiple vulnerabilities in Stunnel
2014-08-07 00:00:00
securityvulns
securityvulns
OpenSSL multiple security vulnerabilities
2014-08-07 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
osv
osv
openssl - security update
2014-08-07 00:00:00
libcrypto38-2.5.0-1.1 on GA media
2024-06-15 00:00:00
libopenssl-1_1-devel-1.1.1l-1.2 on GA media
2024-06-15 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2014-08-07 00:00:00
huawei
huawei
Security Advisory-9 OpenSSL vulnerabilities on Huawei products
2014-10-08 00:00:00
cvelist
cvelist
CVE-2014-3506
2014-08-13 23:00:00
CVE-2014-3505
2014-08-13 23:00:00
CVE-2014-3507
2014-08-13 23:00:00
nvd
nvd
CVE-2014-3505
2014-08-13 23:55:07
CVE-2014-3507
2014-08-13 23:55:07
CVE-2014-3506
2014-08-13 23:55:07
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:59:12
Denial Of Service (DoS)
2017-02-07 01:37:14
Denial Of Service (DoS)
2019-05-02 05:08:11
ubuntucve
ubuntucve
CVE-2014-3505
2014-08-07 00:00:00
CVE-2014-3507
2014-08-07 00:00:00
CVE-2014-3506
2014-08-07 00:00:00
openssl
openssl
Vulnerability in OpenSSL - Double Free when processing DTLS packets
2014-08-06 00:00:00
Vulnerability in OpenSSL - DTLS memory exhaustion
2014-08-06 00:00:00
Vulnerability in OpenSSL - DTLS memory leak from zero-length fragments
2014-08-06 00:00:00
prion
prion
Double free
2014-08-13 23:55:00
Memory corruption
2014-08-13 23:55:00
Design/Logic Flaw
2014-08-13 23:55:00
debiancve
debiancve
CVE-2014-3505
2014-08-13 23:55:07
CVE-2014-3507
2014-08-13 23:55:07
CVE-2014-3506
2014-08-13 23:55:07
mageia
mageia
Updated openssl packages fix security vulnerabilities
2014-08-12 13:16:46
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2014-08-06 00:00:00
aix
aix
AIX OpenSSL Denial of Service due to double free and others
2014-09-09 00:50:00
amazon
amazon
Medium: openssl
2014-08-07 12:26:00
fedora
fedora
[SECURITY] Fedora 21 Update: mingw-openssl-1.0.1j-1.fc21
2015-01-02 05:06:53
[SECURITY] Fedora 19 Update: openssl-1.0.1e-39.fc19
2014-08-09 07:34:58
[SECURITY] Fedora 20 Update: openssl-1.0.1e-39.fc20
2014-08-09 07:36:05
altlinux
altlinux
Security fix for the ALT Linux 7 package openssl10 version 1.0.1j-alt0.M70P.1
2014-10-31 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:18.openssl
2014-09-09 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2014-12-26 00:00:00
suse
suse
Security update for libopenssl0_9_8 (important)
2016-03-03 14:11:44
lenovo
lenovo
Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51
Intel® PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51

AI Score

5

Confidence

High

EPSS

0.919

Percentile

99.0%

JSON
Related for F5:K15573
f51ibm30nessus46openvas35debian2oraclelinux8redhat3centos2cve3checkpoint_advisories4slackware1kaspersky1securityvulns2osv3ubuntu1huawei1cvelist3nvd3veracode4ubuntucve3openssl3prion3debiancve3mageia1freebsd1aix1amazon1fedora8altlinux5freebsd_advisory1gentoo1suse1lenovo2