A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack.

Found by Markus Stenberg of Cisco Systems, Inc.

Affected configurations

Vulners

Node

opensslopensslRange1.0.1–1.0.1k

opensslopensslRange1.0.0–1.0.0p

opensslopensslRange0.9.8–0.9.8zd

VendorProductVersionCPE
opensslopenssl*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openssl	openssl	*	cpe:2.3:a:openssl:openssl::::::::

cve 2

checkpoint_advisories 1

ubuntucve 1

f5 2

nessus 50

cvelist 1

prion 1

debiancve 1

nvd 2

veracode 1

oraclelinux 10

openvas 32

fedora 3

osv 3

debian 3

ibm 36

ubuntu 1

securityvulns 11

redhat 1

aix 1

centos 1

suse 3

altlinux 6

archlinux 1

freebsd_advisory 1

freebsd 1

cisco 1

slackware 1

kaspersky 2

mageia 1

amazon 1

oracle 8

cve

CVE-2014-3571

2015-01-09 02:59:01

CVE-2015-3571

2016-04-26 10:59:00

checkpoint_advisories

OpenSSL DTLS dtls1_get_record Segmentation Fault Denial of Service (CVE-2014-3571)

2015-01-14 00:00:00

ubuntucve

CVE-2014-3571

2015-01-08 00:00:00

K16123 : OpenSSL vulnerability CVE-2014-3571

2015-09-18 00:00:00

SOL16123 - OpenSSL vulnerability CVE-2014-3571

2015-02-11 00:00:00

nessus

F5 Networks BIG-IP : OpenSSL vulnerability (SOL16123)

2015-02-12 00:00:00

Fedora 21 : openssl-1.0.1k-1.fc21 (2015-0512)

2015-01-13 00:00:00

Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1(7021) <= 4.0(48) Multiple Vulnerabilities (FREAK)

2015-03-26 00:00:00

cvelist

CVE-2014-3571

2015-01-09 02:00:00

prion

Null pointer dereference

2015-01-09 02:59:00

debiancve

CVE-2014-3571

2015-01-09 02:59:01

nvd

CVE-2014-3571

2015-01-09 02:59:01

CVE-2015-3571

2016-04-26 10:59:00

veracode

Denial Of Service (DoS) Through Null Pointer Dereference

2017-02-06 06:41:02

oraclelinux

openssl security update

2015-12-14 00:00:00

openssl security update

2016-05-31 00:00:00

openssl security update

2015-02-26 00:00:00

openvas

Oracle: Security Advisory (ELSA-2015-2616)

2015-12-15 00:00:00

Fedora Update for openssl FEDORA-2015-0512

2015-01-14 00:00:00

Oracle: Security Advisory (ELSA-2015-3010)

2015-10-06 00:00:00

fedora

[SECURITY] Fedora 21 Update: openssl-1.0.1k-1.fc21

2015-01-13 00:02:20

[SECURITY] Fedora 20 Update: openssl-1.0.1e-41.fc20

2015-01-20 21:05:44

[SECURITY] Fedora 20 Update: openssl-1.0.1e-42.fc20

2015-03-23 07:18:26

osv

openssl - security update

2015-01-11 00:00:00

openssl - security update

2015-01-11 00:00:00

libopenssl-1_1-devel-1.1.1l-1.2 on GA media

2024-06-15 00:00:00

debian

[SECURITY] [DLA 132-1] openssl security update

2015-01-11 13:16:17

[SECURITY] [DSA 3125-1] openssl security update

2015-01-11 11:05:13

[SECURITY] [DSA 3125-1] openssl security update

2015-01-11 11:05:13

ibm

Security Bulletin: Vulnerabilities in OpenSSL affect System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface (UEFI) (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275)

2019-01-31 01:55:01

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0206)

2018-06-17 14:56:42

Security Bulletin: Vulnerabilities in OpenSSL affects Rational Application Developer for WebSphere Software (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)

2020-02-05 00:09:48

ubuntu

OpenSSL vulnerabilities

2015-01-12 00:00:00

securityvulns

[USN-2459-1] OpenSSL vulnerabilities

2015-01-13 00:00:00

OpenSSL multiple security vulnerabilities

2015-01-13 00:00:00

HP Version Control Repository Manager multiple security vulnerabilities

2015-09-14 00:00:00

redhat

(RHSA-2015:0066) Moderate: openssl security update

2015-01-20 00:00:00

aix

Multiple Security vulnerabilities in AIX OpenSSL

2015-02-04 06:24:41

centos

openssl security update

2015-01-20 21:00:39

suse

Security update for openssl (important)

2015-01-23 20:05:13

Security update for MySQL (important)

2015-05-26 15:04:53

Security update for libopenssl0_9_8 (important)

2016-03-03 14:11:44

altlinux

Security fix for the ALT Linux 8 package openssl10 version 1.0.1k-alt1

2015-01-12 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1k-alt1

2015-01-12 00:00:00

Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt1

2015-01-12 00:00:00

archlinux

openssl: multiple issues

2015-01-09 00:00:00

freebsd_advisory

FreeBSD-SA-15:01.openssl

2015-01-14 00:00:00

freebsd

OpenSSL -- multiple vulnerabilities

2015-01-08 00:00:00

cisco

Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products

2015-03-10 16:00:00

slackware

[slackware-security] openssl

2015-01-09 18:34:39

kaspersky

KLA10460 Multiple vulnerabilities in OpenSSL

2015-01-08 00:00:00

KLA10630 Multiple vulnerabilities in Oracle VM VirtualBox

2015-07-14 00:00:00

mageia

Updated openssl packages fix security vulnerabilities

2015-01-11 22:54:28

amazon

Medium: openssl

2015-01-11 12:36:00

oracle

Oracle Critical Patch Update - April 2015

2015-04-14 00:00:00

Oracle Critical Patch Update Advisory - October 2015

2015-10-20 00:00:00

Oracle Critical Patch Update Advisory - July 2015

2015-07-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

5.7

Confidence

High

EPSS

0.651

Percentile

98.0%

JSON

Related for OPENSSL:CVE-2014-3571