CVE-2014-0198

Scores

EPSS

0.309low30.9%
0%20%40%60%80%100%

Percentile: 30.9%

CVSS

4.3medium2.0
0246810

CVSS Score: 4.3/10

All CVSS Scores

CVSS 2.0
4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Description

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

CWE-476

Related Vulnerabilities

Vulnerable Software (16)

Type: Configuration

Product: openssl

Operating System: ubuntu trusty 14.04

Trait:
{  "fixed": "1.0.1f-1ubuntu2.1"}

Source: ubuntu

Type: Configuration

Product: openssl

Operating System: rhel 6

Trait:
{  "fixed": "1.0.1e-16.el6_5.14"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: rhel 7

Trait:
{  "fixed": "1.0.1e-34.el7_0.3"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: rhel

Trait:
{  "fixed": "1.0.1e-16.el6_5.14"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: debian

Trait:
{  "fixed": "1.0.1g-4"}

Source: debian

Type: Configuration

Product: openssl

Operating System: debian squeeze 6

Trait:
{  "unaffected": true}

Source: debian

Type: Configuration

Product: openssl098

Operating System: ubuntu trusty 14.04

Trait:
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Vendor: debian

Product: debian_linux

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",...

Source: nvd

Type: Configuration

Vendor: fedoraproject

Product: fedora

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",...

Source: nvd

Type: Configuration

Vendor: mariadb

Product: mariadb

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",      "versionEndExcluding": "10.0.13",      "versionStartIncluding": "10.0.0",      "vulnerable": true    }...

Source: nvd