PT-2014-1703 · Openssl+7 · Openssl+7

Published

2014-10-15

Updated

2024-06-15

CVE-2014-3513

CVSS v2.0

7.8

High

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.1 through 1.0.1j

Description The issue is related to a memory leak in the DTLS SRTP extension in OpenSSL, which can be exploited by remote attackers to cause a denial of service due to excessive memory consumption. This can be achieved through specially crafted handshake messages. The vulnerability may lead to disruption of confidentiality, integrity, and availability of protected information.

Recommendations For OpenSSL versions 1.0.1 through 1.0.1j, update to version 1.0.1j or later to resolve the issue. As a temporary workaround, consider restricting access to the DTLS SRTP extension until a patch is available.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2014-2312

BDU:2015-00653

BDU:2015-09775

CESA-2014_1652

CVE-2014-3513

DSA-3053-1

MGASA-2014-0416

OPENSUSE-SU-2014_1331-1

OPENSUSE-SU-2024:10271-1

OPENSUSE-SU-2024:10529-1

OPENSUSE-SU-2024:11127-1

RHSA-2014:1652

RHSA-2014:1692

RHSA-2014_1652

SUSE-FU-2022:0445-1

SUSE-RU-2015:0769-1

SUSE-SU-2014_1357-1

SUSE-SU-2014_1386-1

SUSE-SU-2014_1524-1

SUSE-SU-2015:0545-1

SUSE-SU-2015:0546-1

SUSE-SU-2015:1184-1

SUSE-SU-2015:1184-2

SUSE-SU-2015:1185-1

SUSE-SU-403

USN-2385-1

Affected Products

Alt Linux

Centos

Ibm Aix

Openssl

Red Hat

Suse

Ubuntu

Vmware Vcenter

PT-2014-1703 · Openssl+7 · Openssl+7

CVE-2014-3513

Weakness Enumeration

Related Identifiers

Affected Products

References · 339