CVE - CVE-2014-0198

CVE-ID
CVE-2014-0198	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://seclists.org/fulldisclosure/2014/Dec/23 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1093837 CONFIRM:https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321 CONFIRM:http://www.openssl.org/news/secadv_20140605.txt CONFIRM:https://kb.bluecoat.com/index?page=content&id=SA80 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676035 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676062 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676419 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676655 CONFIRM:http://www.blackberry.com/btsc/KB36051 CONFIRM:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10075 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21673137 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677828 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677527 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677695 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21678167 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html CONFIRM:http://www.fortiguard.com/advisory/FG-IR-14-018/ CONFIRM:http://puppetlabs.com/security/cve/cve-2014-0198 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21683332 CONFIRM:http://advisories.mageia.org/MGASA-2014-0204.html CONFIRM:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc CONFIRM:http://support.citrix.com/article/CTX140876 CONFIRM:http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.html CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg21676356 CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg24037783 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0006.html CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676529 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676879 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676889 CONFIRM:https://www.novell.com/support/kb/doc.php?id=7015271 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677836 CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html CISCO:20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products URL:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl DEBIAN:DSA-2931 URL:http://www.debian.org/security/2014/dsa-2931 FEDORA:FEDORA-2014-9301 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html FEDORA:FEDORA-2014-9308 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html GENTOO:GLSA-201407-05 URL:http://security.gentoo.org/glsa/glsa-201407-05.xml HP:HPSBGN03068 URL:http://marc.info/?l=bugtraq&m=140544599631400&w=2 HP:HPSBHF03052 URL:http://marc.info/?l=bugtraq&m=141658880509699&w=2 HP:HPSBMU03051 URL:http://marc.info/?l=bugtraq&m=140448122410568&w=2 HP:HPSBMU03055 URL:http://marc.info/?l=bugtraq&m=140431828824371&w=2 HP:HPSBMU03056 URL:http://marc.info/?l=bugtraq&m=140389355508263&w=2 HP:HPSBMU03057 URL:http://marc.info/?l=bugtraq&m=140389274407904&w=2 HP:HPSBMU03062 URL:http://marc.info/?l=bugtraq&m=140752315422991&w=2 HP:HPSBMU03074 URL:http://marc.info/?l=bugtraq&m=140621259019789&w=2 HP:HPSBMU03076 URL:http://marc.info/?l=bugtraq&m=140904544427729&w=2 MANDRIVA:MDVSA-2015:062 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 MANDRIVA:MDVSA-2014:080 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:080 OPENBSD:[5.5] 005: RELIABILITY FIX: May 1, 2014 URL:http://www.openbsd.org/errata55.html#005_openssl SUSE:openSUSE-SU-2014:0634 URL:http://lists.opensuse.org/opensuse-updates/2014-05/msg00036.html SUSE:openSUSE-SU-2014:0635 URL:http://lists.opensuse.org/opensuse-updates/2014-05/msg00037.html SUSE:SUSE-SU-2015:0743 URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html BID:67193 URL:http://www.securityfocus.com/bid/67193 SECUNIA:58939 URL:http://secunia.com/advisories/58939 SECUNIA:59126 URL:http://secunia.com/advisories/59126 SECUNIA:59162 URL:http://secunia.com/advisories/59162 SECUNIA:59300 URL:http://secunia.com/advisories/59300 SECUNIA:59438 URL:http://secunia.com/advisories/59438 SECUNIA:59450 URL:http://secunia.com/advisories/59450 SECUNIA:59491 URL:http://secunia.com/advisories/59491 SECUNIA:59514 URL:http://secunia.com/advisories/59514 SECUNIA:59490 URL:http://secunia.com/advisories/59490 SECUNIA:59655 URL:http://secunia.com/advisories/59655 SECUNIA:59721 URL:http://secunia.com/advisories/59721 SECUNIA:59413 URL:http://secunia.com/advisories/59413 SECUNIA:59669 URL:http://secunia.com/advisories/59669 SECUNIA:59301 URL:http://secunia.com/advisories/59301 SECUNIA:59666 URL:http://secunia.com/advisories/59666 SECUNIA:59342 URL:http://secunia.com/advisories/59342 SECUNIA:60049 URL:http://secunia.com/advisories/60049 SECUNIA:60066 URL:http://secunia.com/advisories/60066 SECUNIA:59784 URL:http://secunia.com/advisories/59784 SECUNIA:59990 URL:http://secunia.com/advisories/59990 SECUNIA:60571 URL:http://secunia.com/advisories/60571 SECUNIA:61254 URL:http://secunia.com/advisories/61254 SECUNIA:58667 URL:http://secunia.com/advisories/58667 SECUNIA:58714 URL:http://secunia.com/advisories/58714 SECUNIA:59190 URL:http://secunia.com/advisories/59190 SECUNIA:59202 URL:http://secunia.com/advisories/59202 SECUNIA:59282 URL:http://secunia.com/advisories/59282 SECUNIA:59284 URL:http://secunia.com/advisories/59284 SECUNIA:59398 URL:http://secunia.com/advisories/59398 SECUNIA:59437 URL:http://secunia.com/advisories/59437 SECUNIA:59163 URL:http://secunia.com/advisories/59163 SECUNIA:59264 URL:http://secunia.com/advisories/59264 SECUNIA:59287 URL:http://secunia.com/advisories/59287 SECUNIA:59306 URL:http://secunia.com/advisories/59306 SECUNIA:59310 URL:http://secunia.com/advisories/59310 SECUNIA:59374 URL:http://secunia.com/advisories/59374 SECUNIA:59440 URL:http://secunia.com/advisories/59440 SECUNIA:59449 URL:http://secunia.com/advisories/59449 SECUNIA:58337 URL:http://secunia.com/advisories/58337 SECUNIA:58713 URL:http://secunia.com/advisories/58713 SECUNIA:58945 URL:http://secunia.com/advisories/58945 SECUNIA:58977 URL:http://secunia.com/advisories/58977 SECUNIA:59525 URL:http://secunia.com/advisories/59525 SECUNIA:59529 URL:http://secunia.com/advisories/59529
Assigning CNA
N/A
Date Entry Created
20131203	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20131203)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org