- CVEs with nessus.description==The version of OpenSSL installed on the remote host is potentially affected by the following remote code execution and denial of service vulnerabilities :
- OpenSSL could allow an attacker to cause a buffer overrun situation when an attacker sends invalid DTLS fragments to an OpenSSL DTLS client or server, which forces it to run arbitrary code on a vulnerable client or server. (CVE-2014-0195)
- An attacker could cause a denial of service by exploiting a flaw in the do_ssl3_write function via a NULL pointer dereference. NOTE: Only versions 1.0.1.500 through 1.0.1.510 are vulnerable. (CVE-2014-0198)
- An attacker could cause a denial of service by sending an invalid DTLS handshake to an OpenSSL DTLS client, resulting in recursive execution of code and an eventual crash. (CVE-2014-0221)
- An attacker could use a man-in-the-middle (MITM) attack to force the use of weak keying material in OpenSSL SSL/TLS clients and servers. The attacker could decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client and server. (CVE-2014-0224)
- An attacker could cause a denial of service by exploiting OpenSSL's anonymous ECDH cipher suites present within OpenSSL clients. (CVE-2014-3470)
| Max CVSS | Min CVSS | Total Count |
| --- | --- | --- |
| 0 | 0 | 2 |
| ID | CVSS | Summary | Last (major) update | Published |