CVE - CVE-2014-5139

CVE-ID
CVE-2014-5139	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:69077 URL:http://www.securityfocus.com/bid/69077 CONFIRM:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc CONFIRM:http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21682293 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21683389 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21686997 CONFIRM:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm CONFIRM:http://www.tenable.com/security/tns-2014-06 CONFIRM:https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0 CONFIRM:https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=83764a989dcc87fbea337da5f8f86806fe767b7e CONFIRM:https://www.openssl.org/news/secadv_20140806.txt DEBIAN:DSA-2998 URL:http://www.debian.org/security/2014/dsa-2998 FREEBSD:FreeBSD-SA-14:18 URL:https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc GENTOO:GLSA-201412-39 URL:http://security.gentoo.org/glsa/glsa-201412-39.xml HP:HPSBHF03293 URL:http://marc.info/?l=bugtraq&m=142660345230545&w=2 HP:HPSBMU03216 URL:http://marc.info/?l=bugtraq&m=142350350616251&w=2 HP:HPSBMU03259 URL:http://marc.info/?l=bugtraq&m=142624619906067&w=2 HP:HPSBMU03260 URL:http://marc.info/?l=bugtraq&m=142495837901899&w=2 HP:HPSBMU03261 URL:http://marc.info/?l=bugtraq&m=143290522027658&w=2 HP:HPSBMU03262 URL:http://marc.info/?l=bugtraq&m=142624719706349&w=2 HP:HPSBMU03263 URL:http://marc.info/?l=bugtraq&m=143290437727362&w=2 HP:HPSBMU03267 URL:http://marc.info/?l=bugtraq&m=142624590206005&w=2 HP:HPSBMU03283 URL:http://marc.info/?l=bugtraq&m=142624679706236&w=2 HP:HPSBMU03304 URL:http://marc.info/?l=bugtraq&m=142791032306609&w=2 HP:SSRT101818 URL:http://marc.info/?l=bugtraq&m=142350350616251&w=2 HP:SSRT101846 URL:http://marc.info/?l=bugtraq&m=142660345230545&w=2 HP:SSRT101894 URL:http://marc.info/?l=bugtraq&m=142495837901899&w=2 HP:SSRT101916 URL:http://marc.info/?l=bugtraq&m=142624679706236&w=2 HP:SSRT101921 URL:http://marc.info/?l=bugtraq&m=142624719706349&w=2 HP:SSRT101922 URL:http://marc.info/?l=bugtraq&m=142624619906067 MLIST:[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released URL:https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html NETBSD:NetBSD-SA2014-008 URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc SECTRACK:1030693 URL:http://www.securitytracker.com/id/1030693 SECUNIA:59700 URL:http://secunia.com/advisories/59700 SECUNIA:59710 URL:http://secunia.com/advisories/59710 SECUNIA:59756 URL:http://secunia.com/advisories/59756 SECUNIA:60022 URL:http://secunia.com/advisories/60022 SECUNIA:60221 URL:http://secunia.com/advisories/60221 SECUNIA:60493 URL:http://secunia.com/advisories/60493 SECUNIA:60803 URL:http://secunia.com/advisories/60803 SECUNIA:60810 URL:http://secunia.com/advisories/60810 SECUNIA:60917 URL:http://secunia.com/advisories/60917 SECUNIA:60921 URL:http://secunia.com/advisories/60921 SECUNIA:61017 URL:http://secunia.com/advisories/61017 SECUNIA:61100 URL:http://secunia.com/advisories/61100 SECUNIA:61171 URL:http://secunia.com/advisories/61171 SECUNIA:61184 URL:http://secunia.com/advisories/61184 SECUNIA:61392 URL:http://secunia.com/advisories/61392 SECUNIA:61775 URL:http://secunia.com/advisories/61775 SECUNIA:61959 URL:http://secunia.com/advisories/61959 SUSE:openSUSE-SU-2014:1052 URL:http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
Assigning CNA
CERT/CC
Date Record Created
20140730	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140730)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)