FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-3512

This CVE name corresponds to:

Entered: 2014-08-06
Topic: OpenSSL -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2014-3512
Phase: Assigned (20140514)

Description

Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.

References

Source Reference
CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4a23b12a031860253b58d503f296377ca076427b
CONFIRM https://www.openssl.org/news/secadv_20140806.txt
CONFIRM http://www.tenable.com/security/tns-2014-06
CONFIRM http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21686997
CONFIRM http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21682293
DEBIAN DSA-2998
GENTOO GLSA-201412-39
HP HPSBHF03293
HP SSRT101846
NETBSD NetBSD-SA2014-008
SUSE openSUSE-SU-2014:1052
BID 69083
SECUNIA 60810
SECUNIA 60917
SECUNIA 60921
SECUNIA 61775
SECUNIA 61959
SECUNIA 59756