PT-2014-1694 · Openssl+7 · Openssl+7

Published

2014-08-06

·

Updated

2024-06-15

·

CVE-2014-3505

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions OpenSSL versions 0.9.8 through 0.9.8zb OpenSSL versions 1.0.0 through 1.0.0n OpenSSL versions 1.0.1 through 1.0.1i
Description The issue is related to a double free vulnerability in the DTLS implementation. This vulnerability allows remote attackers to cause a denial of service, resulting in an application crash, via crafted DTLS packets that trigger an error condition. The vulnerability can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information.
Recommendations For OpenSSL versions 0.9.8 through 0.9.8zb, update to version 0.9.8zb or later. For OpenSSL versions 1.0.0 through 1.0.0n, update to version 1.0.0n or later. For OpenSSL versions 1.0.1 through 1.0.1i, update to version 1.0.1i or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2014-2312
BDU:2015-00644
BDU:2015-09775
CESA-2014_1052
CVE-2014-3505
DLA-33-1
DSA-2998-1
HPSBUX03095
MGASA-2014-0325
OPENSUSE-SU-2016_0640-1
OPENSUSE-SU-2024:10271-1
OPENSUSE-SU-2024:10529-1
OPENSUSE-SU-2024:11127-1
RHSA-2014:1052
RHSA-2014:1053
RHSA-2014:1054
RHSA-2014_1052
RHSA-2014_1053
SUSE-FU-2022:0445-1
SUSE-RU-2015:0769-1
SUSE-SU-2014_1033-1
SUSE-SU-2014_1049-1
SUSE-SU-2014_1104-1
SUSE-SU-2015:0545-1
SUSE-SU-2015:0545-2
SUSE-SU-2015:0546-1
SUSE-SU-2015:1182-1
SUSE-SU-2015:1182-2
SUSE-SU-2015:1184-1
SUSE-SU-2015:1184-2
SUSE-SU-2015:1185-1
SUSE-SU-403
USN-2308-1

Affected Products

Alt Linux
Centos
Hp-Ux
Ibm Aix
Openssl
Red Hat
Suse
Ubuntu