CVE-2014-3506


General

Score: 5.0/10.0
Severity: Medium
Category: Resource Management Error

Impact Metrics

Confidentiality: None
Integrity: None
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2010-5298, CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2014-0160, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3505, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-5139

Published on 14/08/14 - Updated on 29/08/17

Description

d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.

Category: Resource Management Error

CWE-399 (Resource Management Errors)
Weaknesses in this category are related to improper management of system resources.

Security Notices

US National Vulnerability Database CVE-2014-3506
Amazon Linux ALAS-2014-391
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2014-AVI-344, CERTFR-2014-AVI-395, CERTFR-2014-AVI-409, CERTFR-2014-AVI-449, CERTFR-2015-AVI-072
CentOS CESA-2014:1052, CESA-2014:1053
Debian DSA-2998-1
Debian LTS DLA-33-1
Oracle Linux ELSA-2014-1052, ELSA-2014-1053, ELSA-2014-1652, ELSA-2014-1653
Red Hat RHSA-2014:1052, RHSA-2014:1053
Renater 2014/VULN152
SUSE SUSE-SU-2014:1049, SUSE-SU-2014:1104
Ubuntu USN-2308-1

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor: openssl
Product: openssl
