PT-2014-1694 · Openssl+7 · Openssl+7

Publicado

2014-08-06

·

Atualizado

2024-06-15

·

CVE-2014-3505

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions OpenSSL versions 0.9.8 through 0.9.8zb OpenSSL versions 1.0.0 through 1.0.0n OpenSSL versions 1.0.1 through 1.0.1i
Description The issue is related to a double free vulnerability in the DTLS implementation. This vulnerability allows remote attackers to cause a denial of service, resulting in an application crash, via crafted DTLS packets that trigger an error condition. The vulnerability can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information.
Recommendations For OpenSSL versions 0.9.8 through 0.9.8zb, update to version 0.9.8zb or later. For OpenSSL versions 1.0.0 through 1.0.0n, update to version 1.0.0n or later. For OpenSSL versions 1.0.1 through 1.0.1i, update to version 1.0.1i or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Identificadores relacionados

ALT-PU-2014-2312
BDU:2015-00644
BDU:2015-09775
CESA-2014_1052
CVE-2014-3505
DLA-33-1
DSA-2998-1
HPSBUX03095
MGASA-2014-0325
OPENSUSE-SU-2016_0640-1
OPENSUSE-SU-2024:10271-1
OPENSUSE-SU-2024:10529-1
OPENSUSE-SU-2024:11127-1
RHSA-2014:1052
RHSA-2014:1053
RHSA-2014:1054
RHSA-2014_1052
RHSA-2014_1053
SUSE-FU-2022:0445-1
SUSE-RU-2015:0769-1
SUSE-SU-2014_1033-1
SUSE-SU-2014_1049-1
SUSE-SU-2014_1104-1
SUSE-SU-2015:0545-1
SUSE-SU-2015:0545-2
SUSE-SU-2015:0546-1
SUSE-SU-2015:1182-1
SUSE-SU-2015:1182-2
SUSE-SU-2015:1184-1
SUSE-SU-2015:1184-2
SUSE-SU-2015:1185-1
SUSE-SU-403
USN-2308-1

Produtos afetados

Alt Linux
Centos
Hp-Ux
Ibm Aix
Openssl
Red Hat
Suse
Ubuntu