FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-3510

This CVE name corresponds to:

Entered: 2014-08-06
Topic: OpenSSL -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2014-3510
Phase: Assigned (20140514)

Description

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.

References

Source Reference
CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049
CONFIRM https://www.openssl.org/news/secadv_20140806.txt
CONFIRM http://linux.oracle.com/errata/ELSA-2014-1053.html
CONFIRM http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21686997
CONFIRM http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21682293
DEBIAN DSA-2998
GENTOO GLSA-201412-39
HP HPSBOV03099
HP HPSBUX03095
HP SSRT101674
HP HPSBHF03293
HP SSRT101846
NETBSD NetBSD-SA2014-008
REDHAT RHSA-2014:1256
REDHAT RHSA-2014:1297
SUSE openSUSE-SU-2014:1052
BID 69082
SECUNIA 59221
SECUNIA 60687
SECUNIA 60824
SECUNIA 60917
SECUNIA 60921
SECUNIA 60938
SECUNIA 61775
SECUNIA 61959
SECUNIA 59756