CVE-2014-3470

Published: 05/06/2014 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL prior to 0.9.8za, 1.0.0 prior to 1.0.0m, and 1.0.1 prior to 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote malicious users to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

Vulnerable Product

openssl openssl

redhat enterprise linux 6.0

redhat storage 2.1

redhat enterprise linux 5

fedoraproject fedora

mariadb mariadb

fedoraproject fedora 20

fedoraproject fedora 19

suse linux enterprise workstation extension 12

opensuse leap 42.1

opensuse opensuse 13.2

suse linux enterprise server 12

suse linux enterprise software development kit 12

suse linux enterprise desktop 12

Vendor Advisories

Debian Bug report logs - #775888 virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427 Package: virtualbox; Maintainer for virtualbox is Debian Virtualbox Team <team+debian-virtualbox@tracker.debian.org>; Source for virtualbox is src:virtualbox (PTS, buildd, popcon) Reported by: Mori ...
Debian Bug report logs - #750665 openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl (PTS, buildd, popcon) Reported by: Jeff Ballard < ...
Multiple vulnerabilities have been discovered in OpenSSL: CVE-2014-0195: Jueri Aedla discovered that a buffer overflow in processing DTLS fragments could lead to the execution of arbitrary code or denial of service. CVE-2014-0221: Imre Rad discovered the processing of DTLS hello packets is susceptible to denial of service. CVE-20 ...
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server (CVE-2014-0224). Note: In order to exploit this flaw, both the server and the client must ...
Several security issues were fixed in OpenSSL ...
USN-2232-1 introduced a regression in OpenSSL ...
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value ...
Overview: The OpenSSL security advisory released on the 5th of June 2014 disclosed six security vulnerabilities in this open source component; these are described below:
• CVE-2014-0224: SSL/TLS MITM vulnerability
• CVE-2014-0221: DTLS recursion flaw
• CVE-2014-0195: DTLS invalid fragment vulnerability
• CVE-2014-0198: SSL_MODE_RELEASE_BUFFE ...

Recent Articles

FireEye patches OS, torpedos Exploit-DB disclosure
The Register • Darren Pauli • 10 Jul 2014

Researcher suspended after zero-day dump

FireEye has patched a series of publicly-disclosed flaws in its operating system (FEOS) that facilitated man-in-the-middle attacks and command injection. The vulnerabilities released over June affected versions NX, EX, AX, FX, and CM of the FEOS and were patched in the first individual security bulletin for the system. The company urged customers to apply fixes. "FireEye encourages all customers to upgrade to the most current releases as soon as practical - especially customers running versions ...

References

CWE-476