// For flags

CVE-2014-3507

openssl: DTLS memory leak from zero-length fragments

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.

Fuga de memoria en d1_both.c en la implementación DTLS en OpenSSL 0.9.8 anterior a 0.9.8zb, 1.0.0 anterior a 1.0.0n, y 1.0.1 anterior a 1.0.1i permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de fragmentos DTLS de longitud cero que provocan el manejo indebido del valor de retorno de cierta función de insertar.

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-05-14 CVE Reserved
  • 2014-08-06 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-12 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
  • CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (51)
URL Tag Source
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc X_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1052.html X_refsource_confirm
http://secunia.com/advisories/58962 Third Party Advisory
http://secunia.com/advisories/59700 Third Party Advisory
http://secunia.com/advisories/59710 Third Party Advisory
http://secunia.com/advisories/59743 Third Party Advisory
http://secunia.com/advisories/59756 Third Party Advisory
http://secunia.com/advisories/60022 Third Party Advisory
http://secunia.com/advisories/60221 Third Party Advisory
http://secunia.com/advisories/60493 Third Party Advisory
http://secunia.com/advisories/60684 Third Party Advisory
http://secunia.com/advisories/60778 Third Party Advisory
http://secunia.com/advisories/60803 Third Party Advisory
http://secunia.com/advisories/60824 Third Party Advisory
http://secunia.com/advisories/60917 Third Party Advisory
http://secunia.com/advisories/60921 Third Party Advisory
http://secunia.com/advisories/60938 Third Party Advisory
http://secunia.com/advisories/61017 Third Party Advisory
http://secunia.com/advisories/61040 Third Party Advisory
http://secunia.com/advisories/61100 Third Party Advisory
http://secunia.com/advisories/61184 Third Party Advisory
http://secunia.com/advisories/61250 Third Party Advisory
http://secunia.com/advisories/61775 Third Party Advisory
http://secunia.com/advisories/61959 Third Party Advisory
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21682293 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21683389 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21686997 X_refsource_confirm
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm X_refsource_confirm
http://www.securityfocus.com/bid/69078 Vdb Entry
http://www.securitytracker.com/id/1030693 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/95161 Vdb Entry
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74 X_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10109 X_refsource_confirm
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html Mailing List
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8
Search vendor "Openssl" for product "Openssl" and version "0.9.8"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8a
Search vendor "Openssl" for product "Openssl" and version "0.9.8a"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8b
Search vendor "Openssl" for product "Openssl" and version "0.9.8b"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8c
Search vendor "Openssl" for product "Openssl" and version "0.9.8c"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8d
Search vendor "Openssl" for product "Openssl" and version "0.9.8d"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8e
Search vendor "Openssl" for product "Openssl" and version "0.9.8e"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8f
Search vendor "Openssl" for product "Openssl" and version "0.9.8f"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8g
Search vendor "Openssl" for product "Openssl" and version "0.9.8g"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8h
Search vendor "Openssl" for product "Openssl" and version "0.9.8h"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8i
Search vendor "Openssl" for product "Openssl" and version "0.9.8i"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8j
Search vendor "Openssl" for product "Openssl" and version "0.9.8j"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8k
Search vendor "Openssl" for product "Openssl" and version "0.9.8k"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8l
Search vendor "Openssl" for product "Openssl" and version "0.9.8l"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8m
Search vendor "Openssl" for product "Openssl" and version "0.9.8m"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8m
Search vendor "Openssl" for product "Openssl" and version "0.9.8m"
beta1
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8n
Search vendor "Openssl" for product "Openssl" and version "0.9.8n"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8o
Search vendor "Openssl" for product "Openssl" and version "0.9.8o"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8p
Search vendor "Openssl" for product "Openssl" and version "0.9.8p"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8q
Search vendor "Openssl" for product "Openssl" and version "0.9.8q"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8r
Search vendor "Openssl" for product "Openssl" and version "0.9.8r"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8s
Search vendor "Openssl" for product "Openssl" and version "0.9.8s"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8t
Search vendor "Openssl" for product "Openssl" and version "0.9.8t"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8u
Search vendor "Openssl" for product "Openssl" and version "0.9.8u"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8v
Search vendor "Openssl" for product "Openssl" and version "0.9.8v"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8w
Search vendor "Openssl" for product "Openssl" and version "0.9.8w"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8x
Search vendor "Openssl" for product "Openssl" and version "0.9.8x"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8y
Search vendor "Openssl" for product "Openssl" and version "0.9.8y"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
0.9.8za
Search vendor "Openssl" for product "Openssl" and version "0.9.8za"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0
Search vendor "Openssl" for product "Openssl" and version "1.0.0"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0
Search vendor "Openssl" for product "Openssl" and version "1.0.0"
beta1
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0
Search vendor "Openssl" for product "Openssl" and version "1.0.0"
beta2
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0
Search vendor "Openssl" for product "Openssl" and version "1.0.0"
beta3
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0
Search vendor "Openssl" for product "Openssl" and version "1.0.0"
beta4
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0
Search vendor "Openssl" for product "Openssl" and version "1.0.0"
beta5
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0a
Search vendor "Openssl" for product "Openssl" and version "1.0.0a"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0b
Search vendor "Openssl" for product "Openssl" and version "1.0.0b"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0c
Search vendor "Openssl" for product "Openssl" and version "1.0.0c"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0d
Search vendor "Openssl" for product "Openssl" and version "1.0.0d"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0e
Search vendor "Openssl" for product "Openssl" and version "1.0.0e"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0f
Search vendor "Openssl" for product "Openssl" and version "1.0.0f"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0g
Search vendor "Openssl" for product "Openssl" and version "1.0.0g"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0h
Search vendor "Openssl" for product "Openssl" and version "1.0.0h"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0i
Search vendor "Openssl" for product "Openssl" and version "1.0.0i"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0j
Search vendor "Openssl" for product "Openssl" and version "1.0.0j"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0k
Search vendor "Openssl" for product "Openssl" and version "1.0.0k"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0l
Search vendor "Openssl" for product "Openssl" and version "1.0.0l"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.0m
Search vendor "Openssl" for product "Openssl" and version "1.0.0m"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta1
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta2
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta3
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1a
Search vendor "Openssl" for product "Openssl" and version "1.0.1a"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1b
Search vendor "Openssl" for product "Openssl" and version "1.0.1b"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1c
Search vendor "Openssl" for product "Openssl" and version "1.0.1c"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1d
Search vendor "Openssl" for product "Openssl" and version "1.0.1d"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1e
Search vendor "Openssl" for product "Openssl" and version "1.0.1e"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1f
Search vendor "Openssl" for product "Openssl" and version "1.0.1f"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1g
Search vendor "Openssl" for product "Openssl" and version "1.0.1g"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1h
Search vendor "Openssl" for product "Openssl" and version "1.0.1h"
-
Affected