CVE-2014-3507
openssl: DTLS memory leak from zero-length fragments
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.
Fuga de memoria en d1_both.c en la implementación DTLS en OpenSSL 0.9.8 anterior a 0.9.8zb, 1.0.0 anterior a 1.0.0n, y 1.0.1 anterior a 1.0.1i permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de fragmentos DTLS de longitud cero que provocan el manejo indebido del valor de retorno de cierta función de insertar.
A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-05-14 CVE Reserved
- 2014-08-06 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (51)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8 Search vendor "Openssl" for product "Openssl" and version "0.9.8" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8a Search vendor "Openssl" for product "Openssl" and version "0.9.8a" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8b Search vendor "Openssl" for product "Openssl" and version "0.9.8b" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8c Search vendor "Openssl" for product "Openssl" and version "0.9.8c" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8d Search vendor "Openssl" for product "Openssl" and version "0.9.8d" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8e Search vendor "Openssl" for product "Openssl" and version "0.9.8e" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8f Search vendor "Openssl" for product "Openssl" and version "0.9.8f" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8g Search vendor "Openssl" for product "Openssl" and version "0.9.8g" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8h Search vendor "Openssl" for product "Openssl" and version "0.9.8h" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8i Search vendor "Openssl" for product "Openssl" and version "0.9.8i" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8j Search vendor "Openssl" for product "Openssl" and version "0.9.8j" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8k Search vendor "Openssl" for product "Openssl" and version "0.9.8k" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8l Search vendor "Openssl" for product "Openssl" and version "0.9.8l" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8m Search vendor "Openssl" for product "Openssl" and version "0.9.8m" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8m Search vendor "Openssl" for product "Openssl" and version "0.9.8m" | beta1 |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8n Search vendor "Openssl" for product "Openssl" and version "0.9.8n" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8o Search vendor "Openssl" for product "Openssl" and version "0.9.8o" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8p Search vendor "Openssl" for product "Openssl" and version "0.9.8p" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8q Search vendor "Openssl" for product "Openssl" and version "0.9.8q" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8r Search vendor "Openssl" for product "Openssl" and version "0.9.8r" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8s Search vendor "Openssl" for product "Openssl" and version "0.9.8s" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8t Search vendor "Openssl" for product "Openssl" and version "0.9.8t" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8u Search vendor "Openssl" for product "Openssl" and version "0.9.8u" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8v Search vendor "Openssl" for product "Openssl" and version "0.9.8v" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8w Search vendor "Openssl" for product "Openssl" and version "0.9.8w" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8x Search vendor "Openssl" for product "Openssl" and version "0.9.8x" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8y Search vendor "Openssl" for product "Openssl" and version "0.9.8y" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8za Search vendor "Openssl" for product "Openssl" and version "0.9.8za" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0" | beta1 |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0" | beta2 |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0" | beta3 |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0" | beta4 |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0" | beta5 |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0a Search vendor "Openssl" for product "Openssl" and version "1.0.0a" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0b Search vendor "Openssl" for product "Openssl" and version "1.0.0b" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0c Search vendor "Openssl" for product "Openssl" and version "1.0.0c" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0d Search vendor "Openssl" for product "Openssl" and version "1.0.0d" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0e Search vendor "Openssl" for product "Openssl" and version "1.0.0e" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0f Search vendor "Openssl" for product "Openssl" and version "1.0.0f" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0g Search vendor "Openssl" for product "Openssl" and version "1.0.0g" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0h Search vendor "Openssl" for product "Openssl" and version "1.0.0h" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0i Search vendor "Openssl" for product "Openssl" and version "1.0.0i" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0j Search vendor "Openssl" for product "Openssl" and version "1.0.0j" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0k Search vendor "Openssl" for product "Openssl" and version "1.0.0k" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0l Search vendor "Openssl" for product "Openssl" and version "1.0.0l" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0m Search vendor "Openssl" for product "Openssl" and version "1.0.0m" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1" | beta1 |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1" | beta2 |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1" | beta3 |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1a Search vendor "Openssl" for product "Openssl" and version "1.0.1a" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1b Search vendor "Openssl" for product "Openssl" and version "1.0.1b" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1c Search vendor "Openssl" for product "Openssl" and version "1.0.1c" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1d Search vendor "Openssl" for product "Openssl" and version "1.0.1d" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1e Search vendor "Openssl" for product "Openssl" and version "1.0.1e" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1f Search vendor "Openssl" for product "Openssl" and version "1.0.1f" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1g Search vendor "Openssl" for product "Openssl" and version "1.0.1g" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1h Search vendor "Openssl" for product "Openssl" and version "1.0.1h" | - |
Affected
|