CVE-2014-0198

openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

La función do_ssl3_write en s3_pkt.c en OpenSSL 1.x hasta 1.0.1g, cuando SSL_MODE_RELEASE_BUFFERS está habilitado, no maneja debidamente un puntero de buffer durante ciertas llamadas recursivas, lo que permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de aplicación) a través de vectores que provocan una condición de alerta.

OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-12-03 CVE Reserved
2014-05-05 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (113)

URL	Tag	Source
http://advisories.mageia.org/MGASA-2014-0204.html	Third Party Advisory
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc	Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629	Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195	Third Party Advisory
http://puppetlabs.com/security/cve/cve-2014-0198	Third Party Advisory
http://seclists.org/fulldisclosure/2014/Dec/23	Mailing List
http://secunia.com/advisories/58337	Not Applicable
http://secunia.com/advisories/58667	Not Applicable
http://secunia.com/advisories/58713	Not Applicable
http://secunia.com/advisories/58714	Not Applicable
http://secunia.com/advisories/58939	Not Applicable
http://secunia.com/advisories/58945	Not Applicable
http://secunia.com/advisories/58977	Not Applicable
http://secunia.com/advisories/59126	Not Applicable
http://secunia.com/advisories/59162	Not Applicable
http://secunia.com/advisories/59163	Not Applicable
http://secunia.com/advisories/59190	Not Applicable
http://secunia.com/advisories/59202	Not Applicable
http://secunia.com/advisories/59264	Not Applicable
http://secunia.com/advisories/59282	Not Applicable
http://secunia.com/advisories/59284	Not Applicable
http://secunia.com/advisories/59287	Not Applicable
http://secunia.com/advisories/59300	Not Applicable
http://secunia.com/advisories/59301	Not Applicable
http://secunia.com/advisories/59306	Not Applicable
http://secunia.com/advisories/59310	Not Applicable
http://secunia.com/advisories/59342	Not Applicable
http://secunia.com/advisories/59374	Not Applicable
http://secunia.com/advisories/59398	Not Applicable
http://secunia.com/advisories/59413	Not Applicable
http://secunia.com/advisories/59437	Not Applicable
http://secunia.com/advisories/59438	Not Applicable
http://secunia.com/advisories/59440	Not Applicable
http://secunia.com/advisories/59449	Not Applicable
http://secunia.com/advisories/59450	Not Applicable
http://secunia.com/advisories/59490	Not Applicable
http://secunia.com/advisories/59491	Not Applicable
http://secunia.com/advisories/59514	Not Applicable
http://secunia.com/advisories/59525	Not Applicable
http://secunia.com/advisories/59529	Not Applicable
http://secunia.com/advisories/59655	Not Applicable
http://secunia.com/advisories/59666	Not Applicable
http://secunia.com/advisories/59669	Not Applicable
http://secunia.com/advisories/59721	Not Applicable
http://secunia.com/advisories/59784	Not Applicable
http://secunia.com/advisories/59990	Not Applicable
http://secunia.com/advisories/60049	Not Applicable
http://secunia.com/advisories/60066	Not Applicable
http://secunia.com/advisories/60571	Not Applicable
http://secunia.com/advisories/61254	Not Applicable
http://support.citrix.com/article/CTX140876	Third Party Advisory
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.html	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21673137	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676035	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676062	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676419	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676529	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676655	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676879	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676889	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21677527	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21677695	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677828	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677836	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678167	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21683332	Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754	Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755	Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756	Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757	Broken Link
http://www.blackberry.com/btsc/KB36051	Third Party Advisory
http://www.fortiguard.com/advisory/FG-IR-14-018	Third Party Advisory
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm	Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg21676356	Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg24037783	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html	Third Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/67193	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0006.html	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0012.html	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946	Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA80	Broken Link
https://kc.mcafee.com/corporate/index?page=content&id=SB10075	Broken Link
https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321	Broken Link
https://www.novell.com/support/kb/doc.php?id=7015271	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	2022-08-29
https://bugzilla.redhat.com/show_bug.cgi?id=1093837	2014-06-10

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html	2022-08-29
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html	2022-08-29
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html	2022-08-29
http://lists.opensuse.org/opensuse-updates/2014-05/msg00036.html	2022-08-29
http://lists.opensuse.org/opensuse-updates/2014-05/msg00037.html	2022-08-29
http://marc.info/?l=bugtraq&m=140389274407904&w=2	2022-08-29
http://marc.info/?l=bugtraq&m=140389355508263&w=2	2022-08-29
http://marc.info/?l=bugtraq&m=140431828824371&w=2	2022-08-29
http://marc.info/?l=bugtraq&m=140448122410568&w=2	2022-08-29
http://marc.info/?l=bugtraq&m=140544599631400&w=2	2022-08-29
http://marc.info/?l=bugtraq&m=140621259019789&w=2	2022-08-29
http://marc.info/?l=bugtraq&m=140752315422991&w=2	2022-08-29
http://marc.info/?l=bugtraq&m=140904544427729&w=2	2022-08-29
http://marc.info/?l=bugtraq&m=141658880509699&w=2	2022-08-29
http://security.gentoo.org/glsa/glsa-201407-05.xml	2022-08-29
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl	2022-08-29
http://www.debian.org/security/2014/dsa-2931	2022-08-29
http://www.mandriva.com/security/advisories?name=MDVSA-2014:080	2022-08-29
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062	2022-08-29
http://www.openbsd.org/errata55.html#005_openssl	2022-08-29
http://www.openssl.org/news/secadv_20140605.txt	2022-08-29
https://access.redhat.com/security/cve/CVE-2014-0198	2014-06-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 1.0.0 <= 1.0.1g Search vendor "Openssl" for product "Openssl" and version " >= 1.0.0 <= 1.0.1g"		-		Affected
Mariadb Search vendor "Mariadb"		Mariadb Search vendor "Mariadb" for product "Mariadb"				>= 10.0.0 < 10.0.13 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.0.0 < 10.0.13"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				19 Search vendor "Fedoraproject" for product "Fedora" and version "19"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				20 Search vendor "Fedoraproject" for product "Fedora" and version "20"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				6.0 Search vendor "Debian" for product "Debian Linux" and version "6.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				12.3 Search vendor "Opensuse" for product "Opensuse" and version "12.3"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop"				12 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				12 Search vendor "Suse" for product "Linux Enterprise Server" and version "12"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Software Development Kit Search vendor "Suse" for product "Linux Enterprise Software Development Kit"				12 Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Workstation Extension Search vendor "Suse" for product "Linux Enterprise Workstation Extension"				12 Search vendor "Suse" for product "Linux Enterprise Workstation Extension" and version "12"		-		Affected