Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-3505

Опубликовано: 06 авг. 2014
Источник: redhat
CVSS2: 5

Описание

Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5openssl097aNot affected
Red Hat Enterprise Linux 6openssl098eAffected
Red Hat Enterprise Linux 7openssl098eAffected
Red Hat Enterprise Virtualization 3mingw-virt-viewerAffected
Red Hat JBoss Enterprise Application Platform 5opensslWill not fix
Red Hat JBoss Enterprise Web Server 1opensslWill not fix
Red Hat JBoss Enterprise Web Server 1othersNot affected
Red Hat Enterprise Linux 5opensslFixedRHSA-2014:105313.08.2014
Red Hat Enterprise Linux 6opensslFixedRHSA-2014:105213.08.2014
Red Hat Enterprise Linux 7opensslFixedRHSA-2014:105213.08.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-672
https://bugzilla.redhat.com/show_bug.cgi?id=1127499openssl: DTLS packet processing double free

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-3505

ubuntu
больше 11 лет назад

Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.

nvd логотип

CVE-2014-3505

nvd
больше 11 лет назад

Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.

debian логотип

CVE-2014-3505

debian
больше 11 лет назад

Double free vulnerability in d1_both.c in the DTLS implementation in O ...

github логотип

GHSA-fw22-2v92-6x57

github
больше 3 лет назад

Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.

fstec логотип

BDU:2015-00644

fstec
больше 11 лет назад

Уязвимость программного обеспечения OpenSSL, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

5 Medium

CVSS2