Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.150708
Category:Denial of Service
Title:OpenSSL DoS Vulnerability (20141015) - Linux
Summary:OpenSSL is prone to a denial of service (DoS) vulnerability.
Description:Summary:
OpenSSL is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
A flaw in the DTLS SRTP extension parsing code allows an
attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to
64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This
issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether
SRTP is used or configured.

Affected Software/OS:
OpenSSL version 1.0.1 through 1.0.1i.

Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected.

Solution:
Update to version 1.0.1j or later.

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-3513
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
BugTraq ID: 70584
http://www.securityfocus.com/bid/70584
Debian Security Information: DSA-3053 (Google Search)
http://www.debian.org/security/2014/dsa-3053
http://security.gentoo.org/glsa/glsa-201412-39.xml
HPdes Security Advisory: HPSBGN03233
http://marc.info/?l=bugtraq&m=142118135300698&w=2
HPdes Security Advisory: HPSBHF03300
http://marc.info/?l=bugtraq&m=142804214608580&w=2
HPdes Security Advisory: HPSBMU03223
http://marc.info/?l=bugtraq&m=143290583027876&w=2
HPdes Security Advisory: HPSBMU03260
http://marc.info/?l=bugtraq&m=142495837901899&w=2
HPdes Security Advisory: HPSBMU03261
http://marc.info/?l=bugtraq&m=143290522027658&w=2
HPdes Security Advisory: HPSBMU03263
http://marc.info/?l=bugtraq&m=143290437727362&w=2
HPdes Security Advisory: HPSBMU03267
http://marc.info/?l=bugtraq&m=142624590206005&w=2
HPdes Security Advisory: HPSBMU03296
http://marc.info/?l=bugtraq&m=142834685803386&w=2
HPdes Security Advisory: HPSBMU03304
http://marc.info/?l=bugtraq&m=142791032306609&w=2
HPdes Security Advisory: SSRT101739
HPdes Security Advisory: SSRT101868
HPdes Security Advisory: SSRT101894
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
NETBSD Security Advisory: NetBSD-SA2014-015
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc
RedHat Security Advisories: RHSA-2014:1652
http://rhn.redhat.com/errata/RHSA-2014-1652.html
RedHat Security Advisories: RHSA-2014:1692
http://rhn.redhat.com/errata/RHSA-2014-1692.html
http://www.securitytracker.com/id/1031052
http://secunia.com/advisories/59627
http://secunia.com/advisories/61058
http://secunia.com/advisories/61073
http://secunia.com/advisories/61207
http://secunia.com/advisories/61298
http://secunia.com/advisories/61439
http://secunia.com/advisories/61837
http://secunia.com/advisories/61959
http://secunia.com/advisories/61990
http://secunia.com/advisories/62070
SuSE Security Announcement: SUSE-SU-2014:1357 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html
SuSE Security Announcement: openSUSE-SU-2014:1331 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html
http://www.ubuntu.com/usn/USN-2385-1
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.