The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x up to and including 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
| Vulnerable Product |
|---|
| openssl openssl |
| mariadb mariadb |
| fedoraproject fedora 20 |
| fedoraproject fedora 19 |
| debian debian linux 8.0 |
| debian debian linux 7.0 |
| debian debian linux 6.0 |
| opensuse opensuse 12.3 |
| opensuse opensuse 13.1 |
| suse linux enterprise server 12 |
| suse linux enterprise software development kit 12 |
| suse linux enterprise desktop 12 |
| suse linux enterprise workstation extension 12 |

Researcher suspended after zero-day dump
FireEye has patched a series of publicly-disclosed flaws in its operating system (FEOS) that facilitated man-in-the-middle attacks and command injection. The vulnerabilities released over June affected versions NX, EX, AX, FX, and CM of the FEOS and were patched in the first individual security bulletin for the system. The company urged customers to apply fixes. "FireEye encourages all customers to upgrade to the most current releases as soon as practical - especially customers running versions ...