CVE-2014-3508

openssl: information leak in pretty printing functions

Severity Score

5.9

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.

La función OBJ_obj2txt en crypto/objects/obj_dat.c en OpenSSL 0.9.8 anterior a 0.9.8zb, 1.0.0 anterior a 1.0.0n, y 1.0.1 anterior a 1.0.1i, cuando 'pretty printing' está utilizado, no asegura la presencia de caracteres '\0', lo que permite a atacantes dependientes de contexto obtener información sensible de la memoria en pila del proceso mediante la lectura de salidas de X509_name_oneline, X509_name_print_ex, y otras funciones no especificadas.

It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory.

A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack. An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. OpenSSL DTLS clients enabling anonymous DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference by specifying an anonymous DH ciphersuite and sending carefully crafted handshake messages. The updated packages have been upgraded to the 1.0.0n version where these security flaws has been fixed.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-05-14 CVE Reserved
2014-08-06 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (71)

URL	Tag	Source
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc	X_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1052.html	X_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1053.html	X_refsource_confirm
http://secunia.com/advisories/58962	Third Party Advisory
http://secunia.com/advisories/59221	Third Party Advisory
http://secunia.com/advisories/59700	Third Party Advisory
http://secunia.com/advisories/59710	Third Party Advisory
http://secunia.com/advisories/59743	Third Party Advisory
http://secunia.com/advisories/59756	Third Party Advisory
http://secunia.com/advisories/60022	Third Party Advisory
http://secunia.com/advisories/60221	Third Party Advisory
http://secunia.com/advisories/60410	Third Party Advisory
http://secunia.com/advisories/60493	Third Party Advisory
http://secunia.com/advisories/60684	Third Party Advisory
http://secunia.com/advisories/60687	Third Party Advisory
http://secunia.com/advisories/60778	Third Party Advisory
http://secunia.com/advisories/60803	Third Party Advisory
http://secunia.com/advisories/60824	Third Party Advisory
http://secunia.com/advisories/60861	Third Party Advisory
http://secunia.com/advisories/60917	Third Party Advisory
http://secunia.com/advisories/60921	Third Party Advisory
http://secunia.com/advisories/60938	Third Party Advisory
http://secunia.com/advisories/61017	Third Party Advisory
http://secunia.com/advisories/61100	Third Party Advisory
http://secunia.com/advisories/61171	Third Party Advisory
http://secunia.com/advisories/61184	Third Party Advisory
http://secunia.com/advisories/61214	Third Party Advisory
http://secunia.com/advisories/61250	Third Party Advisory
http://secunia.com/advisories/61392	Third Party Advisory
http://secunia.com/advisories/61775	Third Party Advisory
http://secunia.com/advisories/61959	Third Party Advisory
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21681752	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21682293	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21683389	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21686997	X_refsource_confirm
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm	X_refsource_confirm
http://www.securityfocus.com/bid/69075	Vdb Entry
http://www.securitytracker.com/id/1030693	Vdb Entry
http://www.tenable.com/security/tns-2014-06	X_refsource_confirm
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/95165	Vdb Entry
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87	X_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888	X_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380	X_refsource_confirm
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html	Mailing List
https://support.citrix.com/article/CTX216642	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc	2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html	2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html	2023-11-07
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html	2023-11-07
http://marc.info/?l=bugtraq&m=140853041709441&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=140973896703549&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=141077370928502&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=142495837901899&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=142624590206005&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=142660345230545&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=142791032306609&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=143290437727362&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=143290522027658&w=2	2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1256.html	2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1297.html	2023-11-07
http://www.debian.org/security/2014/dsa-2998	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2014:158	2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=1127490	2014-09-24
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc	2023-11-07
https://www.openssl.org/news/secadv_20140806.txt	2023-11-07
https://access.redhat.com/security/cve/CVE-2014-3508	2014-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8 Search vendor "Openssl" for product "Openssl" and version "0.9.8"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8a Search vendor "Openssl" for product "Openssl" and version "0.9.8a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8b Search vendor "Openssl" for product "Openssl" and version "0.9.8b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8c Search vendor "Openssl" for product "Openssl" and version "0.9.8c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8d Search vendor "Openssl" for product "Openssl" and version "0.9.8d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8e Search vendor "Openssl" for product "Openssl" and version "0.9.8e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8f Search vendor "Openssl" for product "Openssl" and version "0.9.8f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8g Search vendor "Openssl" for product "Openssl" and version "0.9.8g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8h Search vendor "Openssl" for product "Openssl" and version "0.9.8h"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8i Search vendor "Openssl" for product "Openssl" and version "0.9.8i"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8j Search vendor "Openssl" for product "Openssl" and version "0.9.8j"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8k Search vendor "Openssl" for product "Openssl" and version "0.9.8k"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8l Search vendor "Openssl" for product "Openssl" and version "0.9.8l"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8m Search vendor "Openssl" for product "Openssl" and version "0.9.8m"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8m Search vendor "Openssl" for product "Openssl" and version "0.9.8m"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8n Search vendor "Openssl" for product "Openssl" and version "0.9.8n"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8o Search vendor "Openssl" for product "Openssl" and version "0.9.8o"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8p Search vendor "Openssl" for product "Openssl" and version "0.9.8p"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8q Search vendor "Openssl" for product "Openssl" and version "0.9.8q"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8r Search vendor "Openssl" for product "Openssl" and version "0.9.8r"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8s Search vendor "Openssl" for product "Openssl" and version "0.9.8s"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8t Search vendor "Openssl" for product "Openssl" and version "0.9.8t"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8u Search vendor "Openssl" for product "Openssl" and version "0.9.8u"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8v Search vendor "Openssl" for product "Openssl" and version "0.9.8v"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8w Search vendor "Openssl" for product "Openssl" and version "0.9.8w"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8x Search vendor "Openssl" for product "Openssl" and version "0.9.8x"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8y Search vendor "Openssl" for product "Openssl" and version "0.9.8y"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8za Search vendor "Openssl" for product "Openssl" and version "0.9.8za"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta2		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta3		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta4		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta5		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0a Search vendor "Openssl" for product "Openssl" and version "1.0.0a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0b Search vendor "Openssl" for product "Openssl" and version "1.0.0b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0c Search vendor "Openssl" for product "Openssl" and version "1.0.0c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0d Search vendor "Openssl" for product "Openssl" and version "1.0.0d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0e Search vendor "Openssl" for product "Openssl" and version "1.0.0e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0f Search vendor "Openssl" for product "Openssl" and version "1.0.0f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0g Search vendor "Openssl" for product "Openssl" and version "1.0.0g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0h Search vendor "Openssl" for product "Openssl" and version "1.0.0h"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0i Search vendor "Openssl" for product "Openssl" and version "1.0.0i"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0j Search vendor "Openssl" for product "Openssl" and version "1.0.0j"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0k Search vendor "Openssl" for product "Openssl" and version "1.0.0k"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0l Search vendor "Openssl" for product "Openssl" and version "1.0.0l"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0m Search vendor "Openssl" for product "Openssl" and version "1.0.0m"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta2		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta3		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1a Search vendor "Openssl" for product "Openssl" and version "1.0.1a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1b Search vendor "Openssl" for product "Openssl" and version "1.0.1b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1c Search vendor "Openssl" for product "Openssl" and version "1.0.1c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1d Search vendor "Openssl" for product "Openssl" and version "1.0.1d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1e Search vendor "Openssl" for product "Openssl" and version "1.0.1e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1f Search vendor "Openssl" for product "Openssl" and version "1.0.1f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1g Search vendor "Openssl" for product "Openssl" and version "1.0.1g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1h Search vendor "Openssl" for product "Openssl" and version "1.0.1h"		-		Affected