CVE-2015-0206 – openssl: DTLS memory leak in dtls1_buffer_record
https://notcve.org/view.php?id=CVE-2015-0206
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. Fuga de memoria en la función dtls1_buffer_record en d1_pkt.c en OpenSSL 1.0.0 anterior a 1.0.0p y 1.0.1 anterior a 1.0.1k permite a atacantes remotos causar una denegación de servicio (consumo de memoria) mediante el envío de muchos archivos duplicados para la próxima época, lo que provoca un fallo de la detección de la reproducción. A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html http://marc.info/?l=bugtraq&m=142721102728110&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2014-3571 – openssl: DTLS segmentation fault in dtls1_get_record
https://notcve.org/view.php?id=CVE-2014-3571
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. OpenSSL anterior a 0.9.8zd, 1.0.0 anterior a 1.0.0p, y 1.0.1 anterior a 1.0.1k permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de la aplicación) a través de un mensaje DTLS manipulado que se procesa con un operación diferente de lectura para la cabecera de negociación que la del cuerpo de la negociación, relacionado con la función dtls1_get_record en d1_pkt.c y la función ssl3_read_n en s3_pkt.c. A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html http://marc.info/?l=bugtraq&m=142496179803395&w •
CVE-2014-3567 – openssl: Invalid TLS/SSL session tickets could cause memory leak leading to server crash
https://notcve.org/view.php?id=CVE-2014-3567
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. Fuga de memoria en la función tls_decrypt_ticket en t1_lib.c en OpenSSL anterior a 0.9.8zc, 1.0.0 anterior a 1.0.0o, y 1.0.1 anterior a 1.0.1j permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un ticket de sesión manipulado que provoca un fallo en la comprobación de integridad. A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc http://advisories.mageia.org/MGASA-2014-0416.html http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html http& • CWE-20: Improper Input Validation CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2014-3568
https://notcve.org/view.php?id=CVE-2014-3568
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c. OpenSSL anterior a 0.9.8zc, 1.0.0 anterior a 1.0.0o, y 1.0.1 anterior a 1.0.1j no fuerza correctamente la opción build no-ssl3, lo que permite a atacantes remotos evadir las restricciones de acceso a través de una negociación SSL 3.0, relacionado con s23_clnt.c y s23_srvr.c. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html http://lists.opensuse.org/opensuse-security-announce/20 • CWE-310: Cryptographic Issues •
CVE-2014-3513 – openssl: SRTP memory leak causes crash when using specially-crafted handshake message
https://notcve.org/view.php?id=CVE-2014-3513
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. Fuga de memoria en d1_srtp.c en la extensión DTLS SRTP en OpenSSL 1.0.1 anterior a 1.0.1j permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un mensaje de negociación manipulado. A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc http://advisories.mageia.org/MGASA-2014-0416.html http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html http://marc.info/?l=bugtraq&m=142118135300698&w=2 http://marc.info • CWE-20: Improper Input Validation CWE-401: Missing Release of Memory after Effective Lifetime •