CVE - CVE-2014-3470

CVE-ID
CVE-2014-3470	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://seclists.org/fulldisclosure/2014/Dec/23 CONFIRM:http://www.openssl.org/news/secadv_20140605.txt CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1103600 CONFIRM:https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8011cd56e39a433b1837465259a9bd24a38727fb CONFIRM:https://kb.bluecoat.com/index?page=content&id=SA80 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676035 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676062 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676419 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676496 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676655 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg24037761 CONFIRM:http://www.blackberry.com/btsc/KB36051 CONFIRM:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm CONFIRM:http://www.novell.com/support/kb/doc.php?id=7015264 CONFIRM:http://www.novell.com/support/kb/doc.php?id=7015300 CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10075 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21673137 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677828 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677527 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677695 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21678167 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21678289 CONFIRM:http://www.splunk.com/view/SP-CAAAM2D CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg400001841 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg400001843 CONFIRM:http://support.apple.com/kb/HT6443 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21683332 CONFIRM:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc CONFIRM:http://support.citrix.com/article/CTX140876 CONFIRM:http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15342.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21675821 CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg21676356 CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg24037783 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0006.html CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676501 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676615 CONFIRM:http://www.f-secure.com/en/web/labs_global/fsc-2014-6 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21675626 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676071 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676529 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676879 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676889 CONFIRM:https://www.novell.com/support/kb/doc.php?id=7015271 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757 CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg21676793 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677836 CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html CISCO:20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products URL:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl FEDORA:FEDORA-2014-9301 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html FEDORA:FEDORA-2014-9308 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html GENTOO:GLSA-201407-05 URL:http://security.gentoo.org/glsa/glsa-201407-05.xml HP:HPSBGN03050 URL:http://marc.info/?l=bugtraq&m=140482916501310&w=2 HP:HPSBMU03051 URL:http://marc.info/?l=bugtraq&m=140448122410568&w=2 HP:HPSBMU03055 URL:http://marc.info/?l=bugtraq&m=140431828824371&w=2 HP:HPSBMU03056 URL:http://marc.info/?l=bugtraq&m=140389355508263&w=2 HP:HPSBMU03057 URL:http://marc.info/?l=bugtraq&m=140389274407904&w=2 HP:HPSBMU03062 URL:http://marc.info/?l=bugtraq&m=140752315422991&w=2 HP:HPSBMU03065 URL:http://marc.info/?l=bugtraq&m=140491231331543&w=2 HP:HPSBMU03069 URL:http://marc.info/?l=bugtraq&m=140499827729550&w=2 HP:HPSBMU03074 URL:http://marc.info/?l=bugtraq&m=140621259019789&w=2 HP:HPSBMU03076 URL:http://marc.info/?l=bugtraq&m=140904544427729&w=2 HP:HPSBOV03047 URL:http://marc.info/?l=bugtraq&m=140317760000786&w=2 HP:HPSBUX03046 URL:http://marc.info/?l=bugtraq&m=140266410314613&w=2 HP:SSRT101590 URL:http://marc.info/?l=bugtraq&m=140266410314613&w=2 MANDRIVA:MDVSA-2015:062 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 MANDRIVA:MDVSA-2014:105 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:105 MANDRIVA:MDVSA-2014:106 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:106 SUSE:SUSE-SU-2015:0578 URL:http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html SUSE:openSUSE-SU-2016:0640 URL:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html SUSE:SUSE-SU-2015:0743 URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html BID:67898 URL:http://www.securityfocus.com/bid/67898 SECUNIA:58797 URL:http://secunia.com/advisories/58797 SECUNIA:58579 URL:http://secunia.com/advisories/58579 SECUNIA:59191 URL:http://secunia.com/advisories/59191 SECUNIA:58939 URL:http://secunia.com/advisories/58939 SECUNIA:59120 URL:http://secunia.com/advisories/59120 SECUNIA:59126 URL:http://secunia.com/advisories/59126 SECUNIA:59162 URL:http://secunia.com/advisories/59162 SECUNIA:59300 URL:http://secunia.com/advisories/59300 SECUNIA:59438 URL:http://secunia.com/advisories/59438 SECUNIA:59442 URL:http://secunia.com/advisories/59442 SECUNIA:59450 URL:http://secunia.com/advisories/59450 SECUNIA:59491 URL:http://secunia.com/advisories/59491 SECUNIA:59495 URL:http://secunia.com/advisories/59495 SECUNIA:59514 URL:http://secunia.com/advisories/59514 SECUNIA:59490 URL:http://secunia.com/advisories/59490 SECUNIA:59655 URL:http://secunia.com/advisories/59655 SECUNIA:59721 URL:http://secunia.com/advisories/59721 SECUNIA:59413 URL:http://secunia.com/advisories/59413 SECUNIA:59669 URL:http://secunia.com/advisories/59669 SECUNIA:59301 URL:http://secunia.com/advisories/59301 SECUNIA:59659 URL:http://secunia.com/advisories/59659 SECUNIA:59666 URL:http://secunia.com/advisories/59666 SECUNIA:59459 URL:http://secunia.com/advisories/59459 SECUNIA:59895 URL:http://secunia.com/advisories/59895 SECUNIA:59342 URL:http://secunia.com/advisories/59342 SECUNIA:59451 URL:http://secunia.com/advisories/59451 SECUNIA:59916 URL:http://secunia.com/advisories/59916 SECUNIA:59784 URL:http://secunia.com/advisories/59784 SECUNIA:59990 URL:http://secunia.com/advisories/59990 SECUNIA:60571 URL:http://secunia.com/advisories/60571 SECUNIA:61254 URL:http://secunia.com/advisories/61254 SECUNIA:58615 URL:http://secunia.com/advisories/58615 SECUNIA:58667 URL:http://secunia.com/advisories/58667 SECUNIA:58714 URL:http://secunia.com/advisories/58714 SECUNIA:59167 URL:http://secunia.com/advisories/59167 SECUNIA:59189 URL:http://secunia.com/advisories/59189 SECUNIA:59192 URL:http://secunia.com/advisories/59192 SECUNIA:59282 URL:http://secunia.com/advisories/59282 SECUNIA:59284 URL:http://secunia.com/advisories/59284 SECUNIA:59340 URL:http://secunia.com/advisories/59340 SECUNIA:59362 URL:http://secunia.com/advisories/59362 SECUNIA:59365 URL:http://secunia.com/advisories/59365 SECUNIA:59437 URL:http://secunia.com/advisories/59437 SECUNIA:59460 URL:http://secunia.com/advisories/59460 SECUNIA:59223 URL:http://secunia.com/advisories/59223 SECUNIA:59431 URL:http://secunia.com/advisories/59431 SECUNIA:59445 URL:http://secunia.com/advisories/59445 SECUNIA:59483 URL:http://secunia.com/advisories/59483 SECUNIA:58742 URL:http://secunia.com/advisories/58742 SECUNIA:59175 URL:http://secunia.com/advisories/59175 SECUNIA:59264 URL:http://secunia.com/advisories/59264 SECUNIA:59287 URL:http://secunia.com/advisories/59287 SECUNIA:59306 URL:http://secunia.com/advisories/59306 SECUNIA:59310 URL:http://secunia.com/advisories/59310 SECUNIA:59364 URL:http://secunia.com/advisories/59364 SECUNIA:59440 URL:http://secunia.com/advisories/59440 SECUNIA:59441 URL:http://secunia.com/advisories/59441 SECUNIA:59449 URL:http://secunia.com/advisories/59449 SECUNIA:58337 URL:http://secunia.com/advisories/58337 SECUNIA:58713 URL:http://secunia.com/advisories/58713 SECUNIA:58716 URL:http://secunia.com/advisories/58716 SECUNIA:58945 URL:http://secunia.com/advisories/58945 SECUNIA:58977 URL:http://secunia.com/advisories/58977 SECUNIA:59518 URL:http://secunia.com/advisories/59518 SECUNIA:59525 URL:http://secunia.com/advisories/59525
Assigning CNA
N/A
Date Entry Created
20140514	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140514)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org