FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-3509

This CVE name corresponds to:

Entered Topic
2014-08-06 OpenSSL -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2014-3509 at cve.mitre.org

Details

Type Candidate
Name CVE-2014-3509
Phase Assigned(20140514)

Description

Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.

References

Source Reference
CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb0bc2b273bcc2d5401dd883fe869af4fc74bb21
CONFIRM https://www.openssl.org/news/secadv_20140806.txt
CONFIRM http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21686997
CONFIRM http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21682293
DEBIAN DSA-2998
GENTOO GLSA-201412-39
HP HPSBMU03260
HP SSRT101894
HP HPSBMU03216
HP SSRT101818
HP HPSBMU03267
HP HPSBHF03293
HP SSRT101846
HP HPSBMU03304
NETBSD NetBSD-SA2014-008
REDHAT RHSA-2015:0197
SUSE openSUSE-SU-2014:1052
SECUNIA 60917
SECUNIA 60921
SECUNIA 60938
SECUNIA 61775
SECUNIA 61959
SECUNIA 59756

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.