OpenSSLOPENSSL:CVE-2014-3506

HistoryAug 06, 2014 - 12:00 a.m.

Vulners
/
Openssl
/
Vulnerability in OpenSSL - DTLS memory exhaustion

Vulnerability in OpenSSL - DTLS memory exhaustion

2014-08-0600:00:00

www.openssl-library.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

5.7

Confidence

Low

EPSS

0.863

Percentile

98.6%

JSON

A DTLS flaw leading to memory exhaustion was found. An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This could lead to a Denial of Service attack.

Found by Adam Langley (Google).

Affected configurations

Vulners

Node

opensslopensslRange1.0.1–1.0.1i

opensslopensslRange1.0.0–1.0.0n

opensslopensslRange0.9.8–0.9.8zb

VendorProductVersionCPE
opensslopenssl*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openssl	openssl	*	cpe:2.3:a:openssl:openssl::::::::

cvelist 1

checkpoint_advisories 2

prion 1

ubuntucve 1

veracode 1

debiancve 1

cve 1

nvd 1

f5 2

ibm 30

nessus 43

openvas 32

centos 2

debian 2

redhat 3

oraclelinux 8

freebsd_advisory 1

slackware 1

osv 3

ubuntu 1

huawei 1

kaspersky 1

securityvulns 2

aix 1

mageia 1

freebsd 1

amazon 1

fedora 8

altlinux 5

gentoo 1

suse 1

lenovo 2

cvelist

CVE-2014-3506

2014-08-13 23:00:00

checkpoint_advisories

OpenSSL DTLS Handshake Memory Exhaustion (CVE-2014-3506)

2014-09-28 00:00:00

OpenSSL DTLS Handshake Memory Exhaustion - ver 2 (CVE-2014-3506)

2014-09-28 00:00:00

prion

Design/Logic Flaw

2014-08-13 23:55:00

ubuntucve

CVE-2014-3506

2014-08-07 00:00:00

veracode

Denial Of Service (DoS) Through Memory Consumption

2017-02-07 01:31:35

debiancve

CVE-2014-3506

2014-08-13 23:55:07

cve

CVE-2014-3506

2014-08-13 23:55:07

nvd

CVE-2014-3506

2014-08-13 23:55:07

K15573 : OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507

2015-09-15 00:00:00

SOL15573 - OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507

2014-09-05 00:00:00

ibm

Security Bulletin: Vulnerability in Open SSL affects IBM System Networking products

2019-01-31 01:45:01

Security Bulletin: Multiple vulnerabilities in OpenSSL affect MegaRAID Storage Manager (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3567)

2019-01-31 01:55:01

Security Bulletin: Network Protection is affected by multiple OpenSSL vulnerabilities (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3511)

2018-06-16 21:19:45

nessus

OpenSSL 0.9.8 < 0.9.8zb Multiple Vulnerabilities

2014-08-08 00:00:00

CentOS 5 : openssl (CESA-2014:1053)

2014-08-14 00:00:00

SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 9598)

2014-08-21 00:00:00

openvas

Debian: Security Advisory (DLA-33-1)

2023-03-08 00:00:00

CentOS Update for openssl CESA-2014:1053 centos5

2014-08-14 00:00:00

OpenSSL Multiple Vulnerabilities (20140806 - 1) - Linux

2021-07-19 00:00:00

centos

openssl security update

2014-08-13 19:52:24

openssl security update

2014-08-13 20:10:43

debian

[DLA 33-1] openssl security update

2014-08-07 20:36:09

[SECURITY] [DSA 2998-1] openssl security update

2014-08-06 23:44:13

redhat

(RHSA-2014:1053) Moderate: openssl security update

2014-08-13 00:00:00

(RHSA-2014:1052) Moderate: openssl security update

2014-08-13 00:00:00

(RHSA-2014:1054) Moderate: openssl security update

2014-08-14 00:00:00

oraclelinux

openssl security update

2014-08-13 00:00:00

openssl security update

2014-08-13 00:00:00

openssl security update

2014-10-16 00:00:00

freebsd_advisory

FreeBSD-SA-14:18.openssl

2014-09-09 00:00:00

slackware

[slackware-security] openssl

2014-08-08 21:22:00

osv

openssl - security update

2014-08-07 00:00:00

libcrypto38-2.5.0-1.1 on GA media

2024-06-15 00:00:00

libopenssl-1_1-devel-1.1.1l-1.2 on GA media

2024-06-15 00:00:00

ubuntu

OpenSSL vulnerabilities

2014-08-07 00:00:00

huawei

Security Advisory-9 OpenSSL vulnerabilities on Huawei products

2014-10-08 00:00:00

kaspersky

KLA10343 Multiple vulnerabilities in Stunnel

2014-08-07 00:00:00

securityvulns

OpenSSL multiple security vulnerabilities

2014-08-07 00:00:00

ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities

2015-02-02 00:00:00

aix

AIX OpenSSL Denial of Service due to double free and others

2014-09-09 00:50:00

mageia

Updated openssl packages fix security vulnerabilities

2014-08-12 13:16:46

freebsd

OpenSSL -- multiple vulnerabilities

2014-08-06 00:00:00

amazon

Medium: openssl

2014-08-07 12:26:00

fedora

[SECURITY] Fedora 21 Update: mingw-openssl-1.0.1j-1.fc21

2015-01-02 05:06:53

[SECURITY] Fedora 20 Update: openssl-1.0.1e-39.fc20

2014-08-09 07:36:05

[SECURITY] Fedora 19 Update: openssl-1.0.1e-39.fc19

2014-08-09 07:34:58

altlinux

Security fix for the ALT Linux 7 package openssl10 version 1.0.1j-alt0.M70P.1

2014-10-31 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 1.0.1j-alt1

2014-10-30 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1j-alt1

2014-10-30 00:00:00

gentoo

OpenSSL: Multiple vulnerabilities

2014-12-26 00:00:00

suse

Security update for libopenssl0_9_8 (important)

2016-03-03 14:11:44

lenovo

Intel® PROSet/Wireless WiFi Software Vulnerabilities - US

2018-11-13 17:10:51

Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US

2018-11-13 17:10:51

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

5.7

Confidence

Low

EPSS

0.863

Percentile

98.6%

JSON

Related for OPENSSL:CVE-2014-3506