// For flags

CVE-2014-3513

openssl: SRTP memory leak causes crash when using specially-crafted handshake message

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.

Fuga de memoria en d1_srtp.c en la extensión DTLS SRTP en OpenSSL 1.0.1 anterior a 1.0.1j permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un mensaje de negociación manipulado.

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server.

A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. The SSL protocol 3.0, as supported in OpenSSL and other products, supports CBC mode encryption where it could not adequately check the integrity of padding, because of the use of non-deterministic CBC padding. This protocol weakness makes it possible for an attacker to obtain clear text data through a padding-oracle attack. Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-05-14 CVE Reserved
  • 2014-10-15 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-04-05 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (44)
URL Tag Source
http://advisories.mageia.org/MGASA-2014-0416.html X_refsource_confirm
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc X_refsource_confirm
http://secunia.com/advisories/59627 Third Party Advisory
http://secunia.com/advisories/61058 Third Party Advisory
http://secunia.com/advisories/61073 Third Party Advisory
http://secunia.com/advisories/61207 Third Party Advisory
http://secunia.com/advisories/61298 Third Party Advisory
http://secunia.com/advisories/61439 Third Party Advisory
http://secunia.com/advisories/61837 Third Party Advisory
http://secunia.com/advisories/61959 Third Party Advisory
http://secunia.com/advisories/61990 Third Party Advisory
http://secunia.com/advisories/62070 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686997 X_refsource_confirm
http://www.securityfocus.com/bid/70584 Vdb Entry
http://www.securitytracker.com/id/1031052 Vdb Entry
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6 X_refsource_confirm
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2b0532f3984324ebe1236a63d15893792384328d X_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 X_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 X_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10091 X_refsource_confirm
https://support.apple.com/HT205217 X_refsource_confirm
https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html X_refsource_confirm
URL Date SRC
URL Date SRC
http://marc.info/?l=bugtraq&m=142495837901899&w=2 2023-11-07
http://security.gentoo.org/glsa/glsa-201412-39.xml 2023-11-07
URL Date SRC
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc 2023-11-07
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html 2023-11-07
http://marc.info/?l=bugtraq&m=142118135300698&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=142624590206005&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=142791032306609&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=142804214608580&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=142834685803386&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=143290437727362&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=143290522027658&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=143290583027876&w=2 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1652.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1692.html 2023-11-07
http://www.debian.org/security/2014/dsa-3053 2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 2023-11-07
http://www.ubuntu.com/usn/USN-2385-1 2023-11-07
https://www.openssl.org/news/secadv_20141015.txt 2023-11-07
https://access.redhat.com/security/cve/CVE-2014-3513 2014-10-22
https://bugzilla.redhat.com/show_bug.cgi?id=1152953 2014-10-22
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta1
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta2
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta3
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1a
Search vendor "Openssl" for product "Openssl" and version "1.0.1a"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1b
Search vendor "Openssl" for product "Openssl" and version "1.0.1b"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1c
Search vendor "Openssl" for product "Openssl" and version "1.0.1c"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1d
Search vendor "Openssl" for product "Openssl" and version "1.0.1d"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1e
Search vendor "Openssl" for product "Openssl" and version "1.0.1e"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1f
Search vendor "Openssl" for product "Openssl" and version "1.0.1f"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1g
Search vendor "Openssl" for product "Openssl" and version "1.0.1g"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1h
Search vendor "Openssl" for product "Openssl" and version "1.0.1h"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1i
Search vendor "Openssl" for product "Openssl" and version "1.0.1i"
-
Affected