CVE - CVE-2014-0198

CVE-ID
CVE-2014-0198	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:67193 URL:http://www.securityfocus.com/bid/67193 BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded CISCO:20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products URL:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl CONFIRM:http://advisories.mageia.org/MGASA-2014-0204.html CONFIRM:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 CONFIRM:http://puppetlabs.com/security/cve/cve-2014-0198 CONFIRM:http://support.citrix.com/article/CTX140876 CONFIRM:http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21673137 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676035 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676062 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676419 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676529 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676655 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676879 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676889 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677527 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677695 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677828 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677836 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21678167 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21683332 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757 CONFIRM:http://www.blackberry.com/btsc/KB36051 CONFIRM:http://www.fortiguard.com/advisory/FG-IR-14-018/ CONFIRM:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg21676356 CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg24037783 CONFIRM:http://www.openssl.org/news/secadv_20140605.txt CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0006.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1093837 CONFIRM:https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 CONFIRM:https://kb.bluecoat.com/index?page=content&id=SA80 CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10075 CONFIRM:https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321 CONFIRM:https://www.novell.com/support/kb/doc.php?id=7015271 DEBIAN:DSA-2931 URL:http://www.debian.org/security/2014/dsa-2931 FEDORA:FEDORA-2014-9301 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html FEDORA:FEDORA-2014-9308 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://seclists.org/fulldisclosure/2014/Dec/23 GENTOO:GLSA-201407-05 URL:http://security.gentoo.org/glsa/glsa-201407-05.xml HP:HPSBGN03068 URL:http://marc.info/?l=bugtraq&m=140544599631400&w=2 HP:HPSBHF03052 URL:http://marc.info/?l=bugtraq&m=141658880509699&w=2 HP:HPSBMU03051 URL:http://marc.info/?l=bugtraq&m=140448122410568&w=2 HP:HPSBMU03055 URL:http://marc.info/?l=bugtraq&m=140431828824371&w=2 HP:HPSBMU03056 URL:http://marc.info/?l=bugtraq&m=140389355508263&w=2 HP:HPSBMU03057 URL:http://marc.info/?l=bugtraq&m=140389274407904&w=2 HP:HPSBMU03062 URL:http://marc.info/?l=bugtraq&m=140752315422991&w=2 HP:HPSBMU03074 URL:http://marc.info/?l=bugtraq&m=140621259019789&w=2 HP:HPSBMU03076 URL:http://marc.info/?l=bugtraq&m=140904544427729&w=2 MANDRIVA:MDVSA-2014:080 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2014:080~~ (Obsolete source) MANDRIVA:MDVSA-2015:062 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2015:062~~ (Obsolete source) OPENBSD:[5.5] 005: RELIABILITY FIX: May 1, 2014 URL:http://www.openbsd.org/errata55.html#005_openssl SECUNIA:58337 URL:http://secunia.com/advisories/58337 SECUNIA:58667 URL:http://secunia.com/advisories/58667 SECUNIA:58713 URL:http://secunia.com/advisories/58713 SECUNIA:58714 URL:http://secunia.com/advisories/58714 SECUNIA:58939 URL:http://secunia.com/advisories/58939 SECUNIA:58945 URL:http://secunia.com/advisories/58945 SECUNIA:58977 URL:http://secunia.com/advisories/58977 SECUNIA:59126 URL:http://secunia.com/advisories/59126 SECUNIA:59162 URL:http://secunia.com/advisories/59162 SECUNIA:59163 URL:http://secunia.com/advisories/59163 SECUNIA:59190 URL:http://secunia.com/advisories/59190 SECUNIA:59202 URL:http://secunia.com/advisories/59202 SECUNIA:59264 URL:http://secunia.com/advisories/59264 SECUNIA:59282 URL:http://secunia.com/advisories/59282 SECUNIA:59284 URL:http://secunia.com/advisories/59284 SECUNIA:59287 URL:http://secunia.com/advisories/59287 SECUNIA:59300 URL:http://secunia.com/advisories/59300 SECUNIA:59301 URL:http://secunia.com/advisories/59301 SECUNIA:59306 URL:http://secunia.com/advisories/59306 SECUNIA:59310 URL:http://secunia.com/advisories/59310 SECUNIA:59342 URL:http://secunia.com/advisories/59342 SECUNIA:59374 URL:http://secunia.com/advisories/59374 SECUNIA:59398 URL:http://secunia.com/advisories/59398 SECUNIA:59413 URL:http://secunia.com/advisories/59413 SECUNIA:59437 URL:http://secunia.com/advisories/59437 SECUNIA:59438 URL:http://secunia.com/advisories/59438 SECUNIA:59440 URL:http://secunia.com/advisories/59440 SECUNIA:59449 URL:http://secunia.com/advisories/59449 SECUNIA:59450 URL:http://secunia.com/advisories/59450 SECUNIA:59490 URL:http://secunia.com/advisories/59490 SECUNIA:59491 URL:http://secunia.com/advisories/59491 SECUNIA:59514 URL:http://secunia.com/advisories/59514 SECUNIA:59525 URL:http://secunia.com/advisories/59525 SECUNIA:59529 URL:http://secunia.com/advisories/59529 SECUNIA:59655 URL:http://secunia.com/advisories/59655 SECUNIA:59666 URL:http://secunia.com/advisories/59666 SECUNIA:59669 URL:http://secunia.com/advisories/59669 SECUNIA:59721 URL:http://secunia.com/advisories/59721 SECUNIA:59784 URL:http://secunia.com/advisories/59784 SECUNIA:59990 URL:http://secunia.com/advisories/59990 SECUNIA:60049 URL:http://secunia.com/advisories/60049 SECUNIA:60066 URL:http://secunia.com/advisories/60066 SECUNIA:60571 URL:http://secunia.com/advisories/60571 SECUNIA:61254 URL:http://secunia.com/advisories/61254 SUSE:SUSE-SU-2015:0743 URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html SUSE:openSUSE-SU-2014:0634 URL:http://lists.opensuse.org/opensuse-updates/2014-05/msg00036.html SUSE:openSUSE-SU-2014:0635 URL:http://lists.opensuse.org/opensuse-updates/2014-05/msg00037.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20131203	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20131203)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)