Russian Vulnerability Scanner Database

Back to List

CVE-2014-0198

Scores

EPSS

0.330low33.0%
0%20%40%60%80%100%

Percentile: 33.0%

CVSS

4.3medium2.0
0246810

CVSS Score: 4.3/10

All CVSS Scores

CVSS 2.0
4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Description

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

CWE-476

Related Vulnerabilities

BDU:2015-09698

Exploits

Exploit ID: CVE-2014-0195

Source: github-poc

URL: https://github.com/PezwariNaan/CVE-2014-0195

Exploit ID: CVE-2014-0224

Source: github-poc

URL: https://github.com/secretnonempty/CVE-2014-0224

Vulnerable Software (16)

Type: Configuration

Product: openssl

Operating System: rhel 6

Trait: 
{  "fixed": "1.0.1e-16.el6_5.14"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: rhel 7

Trait: 
{  "fixed": "1.0.1e-34.el7_0.3"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: rhel

Trait: 
{  "fixed": "1.0.1e-16.el6_5.14"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: ubuntu trusty 14.04

Trait: 
{  "fixed": "1.0.1f-1ubuntu2.1"}

Source: ubuntu

Type: Configuration

Product: openssl

Operating System: debian

Trait: 
{  "fixed": "1.0.1g-4"}

Source: debian

Type: Configuration

Product: openssl

Operating System: debian squeeze 6

Trait: 
{  "unaffected": true}

Source: debian

Type: Configuration

Product: openssl098

Operating System: ubuntu trusty 14.04

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Vendor: *

Product: debian_linux

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",...

Source: nvd

Type: Configuration

Vendor: *

Product: fedora

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",...

Source: nvd

Type: Configuration

Vendor: *

Product: linux_enterprise_desktop

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", ...

Source: nvd

Type: Configuration

Vendor: *

Product: linux_enterprise_server

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", ...

Source: nvd

Type: Configuration

Vendor: *

Product: linux_enterprise_software_development_kit

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", ...

Source: nvd

Type: Configuration

Vendor: *

Product: linux_enterprise_workstation_extension

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", ...

Source: nvd

Type: Configuration

Vendor: *

Product: mariadb

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",      "versionEndExcluding": "10.0.13",      "versionStartIncluding": "10.0.0",      "vulnerable": true    }...

Source: nvd

Type: Configuration

Vendor: *

Product: openssl

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",      "versionEndIncluding": "1.0.1g",      "versionStartIncluding": "1.0.0",      "vulnerable": true    }  ...

Source: nvd

Type: Configuration

Vendor: *

Product: opensuse

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", ...

Source: nvd

End of list