CVE-2014-3513

Published: 15 Oct 2014
Source: redhat
CVSS2: 5
EPSS: Medium

Description

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server.

Report

This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 5, Red Hat JBoss Enterprise Application Platform 5 and 6, and Red Hat Enterprise JBoss Enterprise Web Server 1 and 2.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openssl | Not affected | | |
| Red Hat Enterprise Virtualization 3 | mingw-virt-viewer | Affected | | |
| Red Hat JBoss Enterprise Application Platform 5 | openssl | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 6 | openssl | Not affected | | |
| Red Hat JBoss Enterprise Web Server 1 | openssl | Not affected | | |
| Red Hat JBoss Enterprise Web Server 1 | others | Not affected | | |
| Red Hat JBoss Enterprise Web Server 2 | openssl | Not affected | | |
| Red Hat Enterprise Linux 6 | openssl | Fixed | RHSA-2014:1652 | 16.10.2014 |
| Red Hat Enterprise Linux 7 | openssl | Fixed | RHSA-2014:1652 | 16.10.2014 |
| Red Hat Storage 2.1 | openssl | Fixed | RHSA-2014:1692 | 22.10.2014 |

Additional information

Status: Important
Defect: CWE-401
https://bugzilla.redhat.com/show_bug.cgi?id=1152953 openssl: SRTP memory leak causes crash when using specially-crafted handshake message

EPSS

Percentile: 97%
Score: 0.35947 (Medium)

CVSS2: 5 Medium

Related vulnerabilities

ubuntu
almost 11 years ago

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.

nvd
almost 11 years ago

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.

debian
almost 11 years ago

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 b ...

github
about 3 years ago

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.

fstec
almost 11 years ago

A vulnerability in the OpenSSL software that allows a remote attacker to compromise the confidentiality and availability of protected information