PT-2014-1877 · Openssl+9 · Openssl+9

Publicado

2014-05-02

Atualizado

2024-06-15

CVE-2014-0198

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.x through 1.0.1g

Description The issue is related to the do ssl3 write function in s3 pkt.c when SSL MODE RELEASE BUFFERS is enabled. It does not properly manage a buffer pointer during certain recursive calls, allowing remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. The vulnerability can be exploited remotely and may lead to disruption of confidentiality, integrity, and availability of protected information.

Recommendations For OpenSSL versions 1.x through 1.0.1g, consider disabling the SSL MODE RELEASE BUFFERS mode as a temporary workaround until a patch is available. Restrict access to the do ssl3 write function to minimize the risk of exploitation. Update to a version later than 1.0.1g when available.

Exploit

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

BDU:2015-09698

CESA-2014_0625

CVE-2014-0198

DSA-2931-1

MGASA-2014-0204

OPENSUSE-SU-2024:10271-1

OPENSUSE-SU-2024:10529-1

OPENSUSE-SU-2024:11127-1

RHSA-2014:0625

RHSA-2014:0628

RHSA-2014:0679

RHSA-2014_0625

RHSA-2014_0679

SUSE-FU-2022:0445-1

SUSE-RU-2015:0769-1

SUSE-SU-2015:0546-1

SUSE-SU-2015:0743-1

SUSE-SU-2015:1185-1

USN-2192-1

Produtos afetados

Centos

Huawei Vrp

Ibm Aix

Junos

Mariadb Server

Openssl

Red Hat

Suse

Ubuntu

Vmware Vcenter

PT-2014-1877 · Openssl+9 · Openssl+9

CVE-2014-0198

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 377