Lucene search

PRIOn knowledge basePRION:CVE-2014-3567

HistoryOct 19, 2014 - 1:55 a.m.

Memory corruption

2014-10-1901:55:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

0.937 High

EPSS

Percentile

99.1%

JSON

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.

CPENameOperatorVersion
openssleq1.0.110
openssleq1.0.1 beta2
openssleq1.0.99
openssleq1.0.105
openssleq1.0.0 beta1
openssleq1.0.1104
openssleq1.0.0 beta2
openssleq1.0.109
openssleq1.0.199
openssleq1.0.1103

Name	Operator	Version
openssl	eq	1.0.110
openssl	eq	1.0.1 beta2
openssl	eq	1.0.99
openssl	eq	1.0.105
openssl	eq	1.0.0 beta1
openssl	eq	1.0.1104
openssl	eq	1.0.0 beta2
openssl	eq	1.0.109
openssl	eq	1.0.199
openssl	eq	1.0.1103

Rows per page:

1-10 of 341

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc

advisories.mageia.org/MGASA-2014-0416.html

aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc

lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

lists.apple.com/archives/security-announce/2015/Sep/msg00002.html

lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html

lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html

lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

rhn.redhat.com/errata/RHSA-2014-1652.html

rhn.redhat.com/errata/RHSA-2014-1692.html

rhn.redhat.com/errata/RHSA-2015-0126.html

secunia.com/advisories/59627

secunia.com/advisories/61058

secunia.com/advisories/61073

secunia.com/advisories/61130

secunia.com/advisories/61207

secunia.com/advisories/61298

secunia.com/advisories/61819

secunia.com/advisories/61837

secunia.com/advisories/61959

secunia.com/advisories/61990

secunia.com/advisories/62030

secunia.com/advisories/62070

secunia.com/advisories/62124

security.gentoo.org/glsa/glsa-201412-39.xml

support.apple.com/HT204244

www-01.ibm.com/support/docview.wss?uid=swg21686997

www.debian.org/security/2014/dsa-3053

www.mandriva.com/security/advisories?name=MDVSA-2014:203

www.mandriva.com/security/advisories?name=MDVSA-2015:062

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.securityfocus.com/bid/70586

www.securitytracker.com/id/1031052

www.splunk.com/view/SP-CAAANST

www.ubuntu.com/usn/USN-2385-1

blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6

git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=7fd4ce6a997be5f5c9e744ac527725c2850de203

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

kc.mcafee.com/corporate/index?page=content&id=SB10091

marc.info/?l=bugtraq&m=141477196830952&w=2

marc.info/?l=bugtraq&m=142103967620673&w=2

marc.info/?l=bugtraq&m=142118135300698&w=2

marc.info/?l=bugtraq&m=142495837901899&w=2

marc.info/?l=bugtraq&m=142624590206005&w=2

marc.info/?l=bugtraq&m=142791032306609&w=2

marc.info/?l=bugtraq&m=142804214608580&w=2

marc.info/?l=bugtraq&m=142834685803386&w=2

marc.info/?l=bugtraq&m=143290437727362&w=2

marc.info/?l=bugtraq&m=143290522027658&w=2

marc.info/?l=bugtraq&m=143290583027876&w=2

support.apple.com/HT205217

support.citrix.com/article/CTX216642

www.openssl.org/news/secadv_20141015.txt