// For flags

CVE-2014-3506

openssl: DTLS memory exhaustion

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.

d1_both.c en la implementación DTLS en OpenSSL 0.9.8 anterior a 0.9.8zb, 1.0.0 anterior a 1.0.0n, y 1.0.1 anterior a 1.0.1i permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de mensajes de negociación DTLS manipulados que provocan reservas de memoria correspondientes con valores de longitud grandes.

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-05-14 CVE Reserved
  • 2014-08-06 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-11 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
References (55)
URL Tag Source
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc X_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1052.html X_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1053.html X_refsource_confirm
http://secunia.com/advisories/58962 Third Party Advisory
http://secunia.com/advisories/59221 Third Party Advisory
http://secunia.com/advisories/59700 Third Party Advisory
http://secunia.com/advisories/59710 Third Party Advisory
http://secunia.com/advisories/59743 Third Party Advisory
http://secunia.com/advisories/59756 Third Party Advisory
http://secunia.com/advisories/60022 Third Party Advisory
http://secunia.com/advisories/60221 Third Party Advisory
http://secunia.com/advisories/60493 Third Party Advisory
http://secunia.com/advisories/60684 Third Party Advisory
http://secunia.com/advisories/60687 Third Party Advisory
http://secunia.com/advisories/60778 Third Party Advisory
http://secunia.com/advisories/60803 Third Party Advisory
http://secunia.com/advisories/60824 Third Party Advisory
http://secunia.com/advisories/60917 Third Party Advisory
http://secunia.com/advisories/60921 Third Party Advisory
http://secunia.com/advisories/60938 Third Party Advisory
http://secunia.com/advisories/61017 Third Party Advisory
http://secunia.com/advisories/61040 Third Party Advisory
http://secunia.com/advisories/61100 Third Party Advisory
http://secunia.com/advisories/61184 Third Party Advisory
http://secunia.com/advisories/61250 Third Party Advisory
http://secunia.com/advisories/61775 Third Party Advisory
http://secunia.com/advisories/61959 Third Party Advisory
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21682293 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21683389 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21686997 X_refsource_confirm
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm X_refsource_confirm
http://www.securityfocus.com/bid/69076 Vdb Entry
http://www.securitytracker.com/id/1030693 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/95160 Vdb Entry
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1250f12613b61758675848f6600ebd914ccd7636 X_refsource_confirm
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html Mailing List
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8
Search vendor "Openssl" for product "Openssl" and version "0.9.8"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8a
Search vendor "Openssl" for product "Openssl" and version "0.9.8a"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8b
Search vendor "Openssl" for product "Openssl" and version "0.9.8b"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8c
Search vendor "Openssl" for product "Openssl" and version "0.9.8c"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8d
Search vendor "Openssl" for product "Openssl" and version "0.9.8d"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8e
Search vendor "Openssl" for product "Openssl" and version "0.9.8e"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8f
Search vendor "Openssl" for product "Openssl" and version "0.9.8f"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8g
Search vendor "Openssl" for product "Openssl" and version "0.9.8g"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8h
Search vendor "Openssl" for product "Openssl" and version "0.9.8h"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8i
Search vendor "Openssl" for product "Openssl" and version "0.9.8i"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8j
Search vendor "Openssl" for product "Openssl" and version "0.9.8j"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8k
Search vendor "Openssl" for product "Openssl" and version "0.9.8k"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8l
Search vendor "Openssl" for product "Openssl" and version "0.9.8l"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8m
Search vendor "Openssl" for product "Openssl" and version "0.9.8m"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8m
Search vendor "Openssl" for product "Openssl" and version "0.9.8m"
beta1
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8n
Search vendor "Openssl" for product "Openssl" and version "0.9.8n"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8o
Search vendor "Openssl" for product "Openssl" and version "0.9.8o"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8p
Search vendor "Openssl" for product "Openssl" and version "0.9.8p"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8q
Search vendor "Openssl" for product "Openssl" and version "0.9.8q"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8r
Search vendor "Openssl" for product "Openssl" and version "0.9.8r"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8s
Search vendor "Openssl" for product "Openssl" and version "0.9.8s"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8t
Search vendor "Openssl" for product "Openssl" and version "0.9.8t"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8u
Search vendor "Openssl" for product "Openssl" and version "0.9.8u"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8v
Search vendor "Openssl" for product "Openssl" and version "0.9.8v"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8w
Search vendor "Openssl" for product "Openssl" and version "0.9.8w"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8x
Search vendor "Openssl" for product "Openssl" and version "0.9.8x"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8y
Search vendor "Openssl" for product "Openssl" and version "0.9.8y"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8za
Search vendor "Openssl" for product "Openssl" and version "0.9.8za"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0
Search vendor "Openssl" for product "Openssl" and version "1.0.0"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0
Search vendor "Openssl" for product "Openssl" and version "1.0.0"
beta1
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0
Search vendor "Openssl" for product "Openssl" and version "1.0.0"
beta2
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0
Search vendor "Openssl" for product "Openssl" and version "1.0.0"
beta3
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0
Search vendor "Openssl" for product "Openssl" and version "1.0.0"
beta4
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0
Search vendor "Openssl" for product "Openssl" and version "1.0.0"
beta5
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0a
Search vendor "Openssl" for product "Openssl" and version "1.0.0a"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0b
Search vendor "Openssl" for product "Openssl" and version "1.0.0b"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0c
Search vendor "Openssl" for product "Openssl" and version "1.0.0c"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0d
Search vendor "Openssl" for product "Openssl" and version "1.0.0d"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0e
Search vendor "Openssl" for product "Openssl" and version "1.0.0e"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0f
Search vendor "Openssl" for product "Openssl" and version "1.0.0f"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0g
Search vendor "Openssl" for product "Openssl" and version "1.0.0g"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0h
Search vendor "Openssl" for product "Openssl" and version "1.0.0h"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0i
Search vendor "Openssl" for product "Openssl" and version "1.0.0i"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0j
Search vendor "Openssl" for product "Openssl" and version "1.0.0j"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0k
Search vendor "Openssl" for product "Openssl" and version "1.0.0k"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0l
Search vendor "Openssl" for product "Openssl" and version "1.0.0l"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0m
Search vendor "Openssl" for product "Openssl" and version "1.0.0m"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta1
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta2
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta3
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1a
Search vendor "Openssl" for product "Openssl" and version "1.0.1a"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1b
Search vendor "Openssl" for product "Openssl" and version "1.0.1b"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1c
Search vendor "Openssl" for product "Openssl" and version "1.0.1c"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1d
Search vendor "Openssl" for product "Openssl" and version "1.0.1d"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1e
Search vendor "Openssl" for product "Openssl" and version "1.0.1e"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1f
Search vendor "Openssl" for product "Openssl" and version "1.0.1f"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1g
Search vendor "Openssl" for product "Openssl" and version "1.0.1g"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1h
Search vendor "Openssl" for product "Openssl" and version "1.0.1h"
-
Affected