Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-0198

Опубликовано: 06 мая 2014
Источник: nvd
CVSS2: 4.3
EPSS Средний

Описание

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Версия от 1.0.0 (включая) до 1.0.1g (включая)
Конфигурация 2
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Версия от 10.0.0 (включая) до 10.0.13 (исключая)
Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*

EPSS

Процентиль: 97%
0.34862
Средний

4.3 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

ubuntu логотип

CVE-2014-0198

ubuntu
больше 11 лет назад

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

redhat логотип

CVE-2014-0198

redhat
больше 11 лет назад

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

debian логотип

CVE-2014-0198

debian
больше 11 лет назад

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, ...

github логотип

GHSA-f647-2p86-g4x9

github
около 3 лет назад

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

oracle-oval логотип

ELSA-2014-0679

oracle-oval
около 11 лет назад

ELSA-2014-0679: openssl security update (IMPORTANT)

EPSS

Процентиль: 97%
0.34862
Средний

4.3 Medium

CVSS2

Дефекты

CWE-476
Уязвимость CVE-2014-0198