PT-2014-1697 · OpenSSL +7
Published: 2014-08-06 · Updated: 2024-06-15
CVE-2014-3506
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 0.9.8 through 0.9.8zb
OpenSSL versions 1.0.0 through 1.0.0n
OpenSSL versions 1.0.1 through 1.0.1i
Description
The issue allows remote attackers to cause a denial of service through excessive memory consumption. Specially crafted DTLS handshake messages trigger memory allocations for large length values. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited.
Recommendations
For OpenSSL versions 0.9.8 through 0.9.8zb, update to version 0.9.8zb or later.
For OpenSSL versions 1.0.0 through 1.0.0n, update to version 1.0.0n or later.
For OpenSSL versions 1.0.1 through 1.0.1i, update to version 1.0.1i or later.
As a temporary workaround, consider restricting the use of DTLS handshake messages to minimize the risk of exploitation.
Exploit
Fix
DoS
Affected Products
ALT Linux
CentOS
HP-UX
IBM AIX
OpenSSL
Red Hat
SUSE
Ubuntu