PT-2014-1703 · Openssl+7 · Openssl+7

Published: 2014-10-15 · Updated: 2024-06-15 · CVE-2014-3513

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:C
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.1 through 1.0.1j

Description: The issue is related to a memory leak in the DTLS SRTP extension in OpenSSL, which can be exploited by remote attackers to cause a denial of service due to excessive memory consumption. This can be achieved through specially crafted handshake messages. The vulnerability may lead to disruption of confidentiality, integrity, and availability of protected information.

Recommendations: For OpenSSL versions 1.0.1 through 1.0.1j, update to version 1.0.1j or later to resolve the issue. As a temporary workaround, consider restricting access to the DTLS SRTP extension until a patch is available.

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related identifiers

ALT-PU-2014-2312
BDU:2015-00653
BDU:2015-09775
CESA-2014_1652
CVE-2014-3513
DSA-3053-1
MGASA-2014-0416
OPENSUSE-SU-2014_1331-1
OPENSUSE-SU-2024:10271-1
OPENSUSE-SU-2024:10529-1
OPENSUSE-SU-2024:11127-1
RHSA-2014:1652
RHSA-2014:1692
RHSA-2014_1652
SUSE-FU-2022:0445-1
SUSE-RU-2015:0769-1
SUSE-SU-2014_1357-1
SUSE-SU-2014_1386-1
SUSE-SU-2014_1524-1
SUSE-SU-2015:0545-1
SUSE-SU-2015:0546-1
SUSE-SU-2015:1184-1
SUSE-SU-2015:1184-2
SUSE-SU-2015:1185-1
SUSE-SU-403
USN-2385-1

Affected products

ALT Linux
CentOS
IBM AIX
OpenSSL
Red Hat
SUSE
Ubuntu
VMware vCenter