FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-3513

This CVE name corresponds to:

Entered Topic
2014-10-15 OpenSSL -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2014-3513 at cve.mitre.org

Details

Type Candidate
Name CVE-2014-3513
Phase Assigned(20140514)

Description

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.

References

Source Reference
CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2b0532f3984324ebe1236a63d15893792384328d
CONFIRM https://www.openssl.org/news/secadv_20141015.txt
CONFIRM https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
CONFIRM http://advisories.mageia.org/MGASA-2014-0416.html
CONFIRM http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21686997
CONFIRM https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html
CONFIRM https://support.apple.com/HT205217
APPLE APPLE-SA-2015-09-16-2
DEBIAN DSA-3053
GENTOO GLSA-201412-39
HP HPSBMU03260
HP SSRT101894
HP HPSBGN03233
HP SSRT101739
HP SSRT101868
HP HPSBMU03267
HP HPSBMU03304
HP HPSBMU03296
HP HPSBHF03300
MANDRIVA MDVSA-2015:062
NETBSD NetBSD-SA2014-015
REDHAT RHSA-2014:1652
REDHAT RHSA-2014:1692
SUSE openSUSE-SU-2014:1331
SUSE SUSE-SU-2014:1357
UBUNTU USN-2385-1
BID 70584
SECTRACK 1031052
SECUNIA 61207
SECUNIA 59627
SECUNIA 61058
SECUNIA 61073
SECUNIA 61298
SECUNIA 61439
SECUNIA 61837
SECUNIA 61959
SECUNIA 61990
SECUNIA 62070

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.