Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2014-0198

Published: 06/05/2014 Updated: 29/08/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Openssl

Vulnerability Summary

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x up to and including 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl

mariadb mariadb

fedoraproject fedora 20

fedoraproject fedora 19

debian debian linux 8.0

debian debian linux 7.0

debian debian linux 6.0

opensuse opensuse 12.3

opensuse opensuse 13.1

suse linux enterprise server 12

suse linux enterprise software development kit 12

suse linux enterprise desktop 12

suse linux enterprise workstation extension 12

Vendor Advisories

Ubuntu Security Notice: openssl vulnerabilities
OpenSSL could be made to crash if it received specially crafted network traffic ...
Debian Security Advisories: DSA-2931-1 openssl -- security update
It was discovered that incorrect memory handling in OpenSSL's do_ssl3_write() function could result in denial of service The oldstable distribution (squeeze) is not affected For the stable distribution (wheezy), this problem has been fixed in version 101e-2+deb7u9 For the testing distribution (jessie), this problem has been fixed in version 1 ...
Debian CVElist Bug Report Logs: openssl: CVE-2014-0198 Null pointer dereference bug in OpenSSL 1.0.1g and earlier
Debian Bug report logs - #747432 openssl: CVE-2014-0198 Null pointer dereference bug in OpenSSL 101g and earlier Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@listsaliothdebianorg>; Source for openssl is src:openssl (PTS, buildd, popcon) Reported by: Demetris Demetriou <mitsosgtir ...
Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
Debian Bug report logs - #775888 virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427 Package: virtualbox; Maintainer for virtualbox is Debian Virtualbox Team <team+debian-virtualbox@trackerdebianorg>; Source for virtualbox is src:virtualbox (PTS, buildd, popcon) Reported by: Mori ...
Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470
Debian Bug report logs - #750665 openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@listsaliothdebianorg>; Source for openssl is src:openssl (PTS, buildd, popcon) Reported by: Jeff Ballard < ...
Amazon Linux AMI: ALAS-2014-349
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must ...
Red Hat: CVE-2014-0198
The do_ssl3_write function in s3_pktc in OpenSSL 1x through 101g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition ...
Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)
Overview The OpenSSL security advisory released on the 5th of June 2014 disclosed six security vulnerabilities in this open source component; these are described below: • CVE-2014-0224: SSL/TLS MITM vulnerability • CVE-2014-0221: DTLS recursion flaw • CVE-2014-0195: DTLS invalid fragment vulnerability • CVE-2014-0198: SSL_MODE_RELEASE_BUFFE ...

Recent Articles

FireEye patches OS, torpedos Exploit-DB disclosure
The Register • Darren Pauli • 10 Jul 2014

Researcher suspended after zero-day dump

FireEye has patched a series of publicly-disclosed flaws in its operating system (FEOS) that facilitated man-in-the-middle attacks and command injection. The vulnerabilities released over June affected versions NX, EX, AX, FX, and CM of the FEOS and were patched in the first individual security bulletin for the system. The company urged customers to apply fixes. "FireEye encourages all customers to upgrade to the most current releases as soon as practical - especially customers running versions ...

Read more...

References

CWE-476https://bugzilla.redhat.com/show_bug.cgi?id=1093837http://www.openbsd.org/errata55.html#005_opensslhttps://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321http://lists.opensuse.org/opensuse-updates/2014-05/msg00036.htmlhttp://www.debian.org/security/2014/dsa-2931http://lists.opensuse.org/opensuse-updates/2014-05/msg00037.htmlhttp://www.openssl.org/news/secadv_20140605.txthttps://kb.bluecoat.com/index?page=content&id=SA80http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-opensslhttp://www.blackberry.com/btsc/KB36051http://www-01.ibm.com/support/docview.wss?uid=swg21676035http://secunia.com/advisories/59438http://secunia.com/advisories/59301http://secunia.com/advisories/59450http://secunia.com/advisories/59491http://secunia.com/advisories/59721http://www-01.ibm.com/support/docview.wss?uid=swg21677695http://secunia.com/advisories/59655http://www-01.ibm.com/support/docview.wss?uid=swg21676655http://secunia.com/advisories/59162http://secunia.com/advisories/58939http://secunia.com/advisories/59666http://secunia.com/advisories/59126http://www-01.ibm.com/support/docview.wss?uid=swg21677828http://secunia.com/advisories/59490http://www-01.ibm.com/support/docview.wss?uid=swg21676062https://kc.mcafee.com/corporate/index?page=content&id=SB10075http://www-01.ibm.com/support/docview.wss?uid=swg21676419http://www-01.ibm.com/support/docview.wss?uid=swg21678167http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htmhttp://www-01.ibm.com/support/docview.wss?uid=swg21673137http://secunia.com/advisories/59514http://www-01.ibm.com/support/docview.wss?uid=swg21677527http://secunia.com/advisories/59669http://secunia.com/advisories/59413http://secunia.com/advisories/59300http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlhttp://www.fortiguard.com/advisory/FG-IR-14-018/http://secunia.com/advisories/59342http://secunia.com/advisories/60049http://puppetlabs.com/security/cve/cve-2014-0198http://secunia.com/advisories/60066http://secunia.com/advisories/59990http://secunia.com/advisories/60571http://secunia.com/advisories/59784http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlhttp://seclists.org/fulldisclosure/2014/Dec/23http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:062http://marc.info/?l=bugtraq&m=140431828824371&w=2http://marc.info/?l=bugtraq&m=141658880509699&w=2http://marc.info/?l=bugtraq&m=140448122410568&w=2http://marc.info/?l=bugtraq&m=140621259019789&w=2http://marc.info/?l=bugtraq&m=140544599631400&w=2http://marc.info/?l=bugtraq&m=140389274407904&w=2http://marc.info/?l=bugtraq&m=140904544427729&w=2http://marc.info/?l=bugtraq&m=140389355508263&w=2http://marc.info/?l=bugtraq&m=140752315422991&w=2https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlhttps://www.novell.com/support/kb/doc.php?id=7015271http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754http://www-01.ibm.com/support/docview.wss?uid=swg21683332http://www-01.ibm.com/support/docview.wss?uid=swg21677836http://www-01.ibm.com/support/docview.wss?uid=swg21676889http://www-01.ibm.com/support/docview.wss?uid=swg21676879http://www-01.ibm.com/support/docview.wss?uid=swg21676529http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163http://www.vmware.com/security/advisories/VMSA-2014-0006.htmlhttp://www.securityfocus.com/bid/67193http://www.mandriva.com/security/advisories?name=MDVSA-2014:080http://www.ibm.com/support/docview.wss?uid=swg24037783http://www.ibm.com/support/docview.wss?uid=swg21676356http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.htmlhttp://support.citrix.com/article/CTX140876http://security.gentoo.org/glsa/glsa-201407-05.xmlhttp://secunia.com/advisories/61254http://secunia.com/advisories/59529http://secunia.com/advisories/59525http://secunia.com/advisories/59449http://secunia.com/advisories/59440http://secunia.com/advisories/59437http://secunia.com/advisories/59398http://secunia.com/advisories/59374http://secunia.com/advisories/59310http://secunia.com/advisories/59306http://secunia.com/advisories/59287http://secunia.com/advisories/59284http://secunia.com/advisories/59282http://secunia.com/advisories/59264http://secunia.com/advisories/59202http://secunia.com/advisories/59190http://secunia.com/advisories/59163http://secunia.com/advisories/58977http://secunia.com/advisories/58945http://secunia.com/advisories/58714http://secunia.com/advisories/58713http://secunia.com/advisories/58667http://secunia.com/advisories/58337http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlhttp://kb.juniper.net/InfoCenter/index?page=content&id=KB29195http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.aschttp://advisories.mageia.org/MGASA-2014-0204.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlhttp://www.securityfocus.com/archive/1/534161/100/0/threadedhttps://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdfhttps://usn.ubuntu.com/2192-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-0198
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook