CVE-2014-3513

Published: 19/10/2014 Updated: 07/11/2023
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
VMScore: 632
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 prior to 1.0.1j allows remote malicious users to cause a denial of service (memory consumption) via a crafted handshake message.

Vulnerable Product

openssl openssl 1.0.1

openssl openssl 1.0.1h

openssl openssl 1.0.1c

openssl openssl 1.0.1g

openssl openssl 1.0.1a

openssl openssl 1.0.1d

openssl openssl 1.0.1b

openssl openssl 1.0.1e

openssl openssl 1.0.1f

openssl openssl 1.0.1i

Vendor Advisories

Several security issues were fixed in OpenSSL ...
Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit. CVE-2014-3513: A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all availabl ...
A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server (CVE-2014-3513). A memory leak flaw was found in the way an OpenSSL handled failed session ...
A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server ...
SecurityCenter is impacted by two vulnerabilities in OpenSSL that were recently disclosed and fixed. CVE-2014-3513 - OpenSSL contains a flaw in the DTLS SRTP extension parsing code that is triggered when handling a specially crafted handshake message, which can cause a memory leak. This may allow a remote attacker to cause a denial of service. CV ...

Recent Articles

Admins! Never mind POODLE, there're NEW OpenSSL bugs to splat
The Register • Neil McAllister in San Francisco • 15 Oct 2014

Four new patches for open-source crypto libraries

If you're using the popular OpenSSL open source cryptography library, you have more to worry about than the recently disclosed POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability, project devs have warned. In addition to patching two POODLE-related bugs, new releases of OpenSSL issued on Wednesday also close a pair of memory leaks that can allow attackers to launch denial-of-service attacks against OpenSSL-enabled servers. The most serious of these is a bug in OpenSSL's ...

References

CWE-20
https://www.openssl.org/news/secadv_20141015.txt
http://rhn.redhat.com/errata/RHSA-2014-1652.html
http://www.debian.org/security/2014/dsa-3053
http://rhn.redhat.com/errata/RHSA-2014-1692.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html
http://www.ubuntu.com/usn/USN-2385-1
http://advisories.mageia.org/MGASA-2014-0416.html
http://secunia.com/advisories/59627
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
http://secunia.com/advisories/61298
http://secunia.com/advisories/61959
http://secunia.com/advisories/61439
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html
http://secunia.com/advisories/61073
http://www.securityfocus.com/bid/70584
http://secunia.com/advisories/62070
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
http://www.securitytracker.com/id/1031052
https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc
http://secunia.com/advisories/61207
http://www-01.ibm.com/support/docview.wss?uid=swg21686997
http://secunia.com/advisories/61058
http://secunia.com/advisories/61990
http://secunia.com/advisories/61837
http://security.gentoo.org/glsa/glsa-201412-39.xml
http://marc.info/?l=bugtraq&m=142495837901899&w=2
http://marc.info/?l=bugtraq&m=142624590206005&w=2
http://marc.info/?l=bugtraq&m=142118135300698&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://marc.info/?l=bugtraq&m=142791032306609&w=2
http://marc.info/?l=bugtraq&m=142834685803386&w=2
http://marc.info/?l=bugtraq&m=142804214608580&w=2
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
https://support.apple.com/HT205217
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://marc.info/?l=bugtraq&m=143290583027876&w=2
http://marc.info/?l=bugtraq&m=143290437727362&w=2
http://marc.info/?l=bugtraq&m=143290522027658&w=2
https://kc.mcafee.com/corporate/index?page=content&id=SB10091
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2b0532f3984324ebe1236a63d15893792384328d
https://usn.ubuntu.com/2385-1/
https://nvd.nist.gov
https://access.redhat.com/security/cve/cve-2014-3513