Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-0198

Опубликовано: 21 апр. 2014
Источник: redhat
CVSS2: 4.3
EPSS Средний

Описание

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

Отчет

This issue did not affect the openssl packages shipped with Red Hat Enterprise Linux 5.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5opensslNot affected
Red Hat Enterprise Linux 5openssl097aNot affected
Red Hat Enterprise Linux 6guest-imagesNot affected
Red Hat Enterprise Linux 6openssl098eNot affected
Red Hat Enterprise Linux 7openssl098eNot affected
Red Hat Enterprise Virtualization 3mingw-virt-viewerNot affected
Red Hat JBoss Enterprise Application Platform 5opensslNot affected
Red Hat JBoss Enterprise Application Platform 6opensslNot affected
Red Hat JBoss Enterprise Web Server 1opensslNot affected
Red Hat JBoss Enterprise Web Server 1othersNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1093837openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()

EPSS

Процентиль: 97%
0.34862
Средний

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-0198

ubuntu
больше 11 лет назад

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

nvd логотип

CVE-2014-0198

nvd
больше 11 лет назад

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

debian логотип

CVE-2014-0198

debian
больше 11 лет назад

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, ...

github логотип

GHSA-f647-2p86-g4x9

github
около 3 лет назад

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

oracle-oval логотип

ELSA-2014-0679

oracle-oval
около 11 лет назад

ELSA-2014-0679: openssl security update (IMPORTANT)

EPSS

Процентиль: 97%
0.34862
Средний

4.3 Medium

CVSS2