CVE-2014-3506

openssl: DTLS memory exhaustion

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.

d1_both.c en la implementación DTLS en OpenSSL 0.9.8 anterior a 0.9.8zb, 1.0.0 anterior a 1.0.0n, y 1.0.1 anterior a 1.0.1i permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de mensajes de negociación DTLS manipulados que provocan reservas de memoria correspondientes con valores de longitud grandes.

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-05-14 CVE Reserved
2014-08-06 CVE Published
2024-08-06 CVE Updated
2024-08-11 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors
CWE-400: Uncontrolled Resource Consumption

CAPEC

References (55)

URL	Tag	Source
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc	X_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1052.html	X_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1053.html	X_refsource_confirm
http://secunia.com/advisories/58962	Third Party Advisory
http://secunia.com/advisories/59221	Third Party Advisory
http://secunia.com/advisories/59700	Third Party Advisory
http://secunia.com/advisories/59710	Third Party Advisory
http://secunia.com/advisories/59743	Third Party Advisory
http://secunia.com/advisories/59756	Third Party Advisory
http://secunia.com/advisories/60022	Third Party Advisory
http://secunia.com/advisories/60221	Third Party Advisory
http://secunia.com/advisories/60493	Third Party Advisory
http://secunia.com/advisories/60684	Third Party Advisory
http://secunia.com/advisories/60687	Third Party Advisory
http://secunia.com/advisories/60778	Third Party Advisory
http://secunia.com/advisories/60803	Third Party Advisory
http://secunia.com/advisories/60824	Third Party Advisory
http://secunia.com/advisories/60917	Third Party Advisory
http://secunia.com/advisories/60921	Third Party Advisory
http://secunia.com/advisories/60938	Third Party Advisory
http://secunia.com/advisories/61017	Third Party Advisory
http://secunia.com/advisories/61040	Third Party Advisory
http://secunia.com/advisories/61100	Third Party Advisory
http://secunia.com/advisories/61184	Third Party Advisory
http://secunia.com/advisories/61250	Third Party Advisory
http://secunia.com/advisories/61775	Third Party Advisory
http://secunia.com/advisories/61959	Third Party Advisory
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21682293	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21683389	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21686997	X_refsource_confirm
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm	X_refsource_confirm
http://www.securityfocus.com/bid/69076	Vdb Entry
http://www.securitytracker.com/id/1030693	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/95160	Vdb Entry
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1250f12613b61758675848f6600ebd914ccd7636	X_refsource_confirm
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc	2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html	2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html	2023-11-07
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html	2023-11-07
http://marc.info/?l=bugtraq&m=140853041709441&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=141077370928502&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=142660345230545&w=2	2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1256.html	2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1297.html	2023-11-07
http://security.gentoo.org/glsa/glsa-201412-39.xml	2023-11-07
http://www.debian.org/security/2014/dsa-2998	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2014:158	2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=1127500	2014-09-24
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc	2023-11-07
https://www.openssl.org/news/secadv_20140806.txt	2023-11-07
https://access.redhat.com/security/cve/CVE-2014-3506	2014-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8 Search vendor "Openssl" for product "Openssl" and version "0.9.8"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8a Search vendor "Openssl" for product "Openssl" and version "0.9.8a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8b Search vendor "Openssl" for product "Openssl" and version "0.9.8b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8c Search vendor "Openssl" for product "Openssl" and version "0.9.8c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8d Search vendor "Openssl" for product "Openssl" and version "0.9.8d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8e Search vendor "Openssl" for product "Openssl" and version "0.9.8e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8f Search vendor "Openssl" for product "Openssl" and version "0.9.8f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8g Search vendor "Openssl" for product "Openssl" and version "0.9.8g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8h Search vendor "Openssl" for product "Openssl" and version "0.9.8h"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8i Search vendor "Openssl" for product "Openssl" and version "0.9.8i"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8j Search vendor "Openssl" for product "Openssl" and version "0.9.8j"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8k Search vendor "Openssl" for product "Openssl" and version "0.9.8k"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8l Search vendor "Openssl" for product "Openssl" and version "0.9.8l"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8m Search vendor "Openssl" for product "Openssl" and version "0.9.8m"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8m Search vendor "Openssl" for product "Openssl" and version "0.9.8m"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8n Search vendor "Openssl" for product "Openssl" and version "0.9.8n"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8o Search vendor "Openssl" for product "Openssl" and version "0.9.8o"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8p Search vendor "Openssl" for product "Openssl" and version "0.9.8p"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8q Search vendor "Openssl" for product "Openssl" and version "0.9.8q"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8r Search vendor "Openssl" for product "Openssl" and version "0.9.8r"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8s Search vendor "Openssl" for product "Openssl" and version "0.9.8s"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8t Search vendor "Openssl" for product "Openssl" and version "0.9.8t"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8u Search vendor "Openssl" for product "Openssl" and version "0.9.8u"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8v Search vendor "Openssl" for product "Openssl" and version "0.9.8v"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8w Search vendor "Openssl" for product "Openssl" and version "0.9.8w"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8x Search vendor "Openssl" for product "Openssl" and version "0.9.8x"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8y Search vendor "Openssl" for product "Openssl" and version "0.9.8y"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8za Search vendor "Openssl" for product "Openssl" and version "0.9.8za"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta2		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta3		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta4		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta5		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0a Search vendor "Openssl" for product "Openssl" and version "1.0.0a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0b Search vendor "Openssl" for product "Openssl" and version "1.0.0b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0c Search vendor "Openssl" for product "Openssl" and version "1.0.0c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0d Search vendor "Openssl" for product "Openssl" and version "1.0.0d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0e Search vendor "Openssl" for product "Openssl" and version "1.0.0e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0f Search vendor "Openssl" for product "Openssl" and version "1.0.0f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0g Search vendor "Openssl" for product "Openssl" and version "1.0.0g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0h Search vendor "Openssl" for product "Openssl" and version "1.0.0h"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0i Search vendor "Openssl" for product "Openssl" and version "1.0.0i"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0j Search vendor "Openssl" for product "Openssl" and version "1.0.0j"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0k Search vendor "Openssl" for product "Openssl" and version "1.0.0k"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0l Search vendor "Openssl" for product "Openssl" and version "1.0.0l"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0m Search vendor "Openssl" for product "Openssl" and version "1.0.0m"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta2		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta3		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1a Search vendor "Openssl" for product "Openssl" and version "1.0.1a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1b Search vendor "Openssl" for product "Openssl" and version "1.0.1b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1c Search vendor "Openssl" for product "Openssl" and version "1.0.1c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1d Search vendor "Openssl" for product "Openssl" and version "1.0.1d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1e Search vendor "Openssl" for product "Openssl" and version "1.0.1e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1f Search vendor "Openssl" for product "Openssl" and version "1.0.1f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1g Search vendor "Openssl" for product "Openssl" and version "1.0.1g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1h Search vendor "Openssl" for product "Openssl" and version "1.0.1h"		-		Affected