CVE-2014-3512

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.1 through 1.0.1i OpenSSL versions prior to 1.0.1j

Description The issue is related to multiple buffer overflows in the SRP implementation in OpenSSL, which can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts. This can be achieved by using an invalid SRP g, A, or B parameter. The vulnerability may lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations For OpenSSL versions 1.0.1 through 1.0.1i, update to version 1.0.1i or later to resolve the issue. For OpenSSL versions prior to 1.0.1j, update to version 1.0.1j or later to resolve the issue. As a temporary workaround, consider restricting the use of the SRP implementation until a patch is available. Avoid using invalid SRP parameters g, A, or B in the affected API endpoints until the issue is resolved.