CVE-2014-3507

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.0.1i OpenSSL versions prior to 1.0.0n OpenSSL versions prior to 0.9.8zb OpenSSL version 1.0.1j and earlier

Description The issue is related to multiple vulnerabilities in the OpenSSL package, which can lead to a violation of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely. A memory leak in the DTLS implementation allows remote attackers to cause a denial of service via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.

Recommendations For OpenSSL versions prior to 1.0.1i, update to version 1.0.1i or later to resolve the issue. For OpenSSL versions prior to 1.0.0n, update to version 1.0.0n or later to resolve the issue. For OpenSSL versions prior to 0.9.8zb, update to version 0.9.8zb or later to resolve the issue. As a temporary workaround, consider restricting access to the DTLS implementation until a patch is available. Avoid using zero-length DTLS fragments in the affected API endpoint until the issue is resolved.