CVE-2014-2896

Опубликовано: 28 янв. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.

Ссылки

http://seclists.org/oss-sec/2014/q2/126
Mailing List
Third Party Advisory
http://seclists.org/oss-sec/2014/q2/130
Mailing List
Third Party Advisory
http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html
Vendor Advisory
http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html
Vendor Advisory
http://seclists.org/oss-sec/2014/q2/126
Mailing List
Third Party Advisory
http://seclists.org/oss-sec/2014/q2/130
Mailing List
Third Party Advisory
http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html
Vendor Advisory
http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

Версия от 2.5.0 (включая) до 2.9.4 (исключая)

EPSS

Процентиль: 77%

0.01008

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2014-2896

CVSS3: 9.8

debian

около 6 лет назад

The DoAlert function in the (1) TLS and (2) DTLS implementations in wo ...

GHSA-9jr6-gjfw-x322

github

больше 3 лет назад