ID CVE-2014-5139
Summary The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client. <a href="http://cwe.mitre.org/data/definitions/476.html" target="_blank">CWE-476: NULL Pointer Dereference</a>
References
Vulnerable Configurations
  • cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 07-01-2017 - 03:00)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 69077
confirm
debian DSA-2998
freebsd FreeBSD-SA-14:18
gentoo GLSA-201412-39
hp
  • HPSBHF03293
  • HPSBMU03216
  • HPSBMU03259
  • HPSBMU03260
  • HPSBMU03261
  • HPSBMU03262
  • HPSBMU03263
  • HPSBMU03267
  • HPSBMU03283
  • HPSBMU03304
  • SSRT101818
  • SSRT101846
  • SSRT101894
  • SSRT101916
  • SSRT101921
  • SSRT101922
mlist [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
netbsd NetBSD-SA2014-008
sectrack 1030693
secunia
  • 59700
  • 59710
  • 59756
  • 60022
  • 60221
  • 60493
  • 60803
  • 60810
  • 60917
  • 60921
  • 61017
  • 61100
  • 61171
  • 61184
  • 61392
  • 61775
  • 61959
suse openSUSE-SU-2014:1052
Last major update 07-01-2017 - 03:00
Published 13-08-2014 - 23:55
Back to Top