CVE-2014-3571

openssl: DTLS segmentation fault in dtls1_get_record

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.

OpenSSL anterior a 0.9.8zd, 1.0.0 anterior a 1.0.0p, y 1.0.1 anterior a 1.0.1k permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de la aplicación) a través de un mensaje DTLS manipulado que se procesa con un operación diferente de lectura para la cabecera de negociación que la del cuerpo de la negociación, relacionado con la función dtls1_get_record en d1_pkt.c y la función ssl3_read_n en s3_pkt.c.

A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-05-14 CVE Reserved
2015-01-09 CVE Published
2024-08-06 CVE Updated
2024-11-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (39)

URL	Tag	Source
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html	X_refsource_confirm
http://www.securityfocus.com/bid/71937	Vdb Entry
http://www.securitytracker.com/id/1033378	Vdb Entry
https://bto.bluecoat.com/security-advisory/sa88	X_refsource_confirm
https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b	X_refsource_confirm
https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d	X_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10102	X_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10108	X_refsource_confirm
https://support.apple.com/HT204659	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html	2017-10-20
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html	2017-10-20
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html	2017-10-20
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html	2017-10-20
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	2017-10-20
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html	2017-10-20
http://marc.info/?l=bugtraq&m=142496179803395&w=2	2017-10-20
http://marc.info/?l=bugtraq&m=142496289803847&w=2	2017-10-20
http://marc.info/?l=bugtraq&m=142721102728110&w=2	2017-10-20
http://marc.info/?l=bugtraq&m=142895206924048&w=2	2017-10-20
http://marc.info/?l=bugtraq&m=143748090628601&w=2	2017-10-20
http://marc.info/?l=bugtraq&m=144050155601375&w=2	2017-10-20
http://marc.info/?l=bugtraq&m=144050205101530&w=2	2017-10-20
http://marc.info/?l=bugtraq&m=144050254401665&w=2	2017-10-20
http://marc.info/?l=bugtraq&m=144050297101809&w=2	2017-10-20
http://rhn.redhat.com/errata/RHSA-2015-0066.html	2017-10-20
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl	2017-10-20
http://www.debian.org/security/2015/dsa-3125	2017-10-20
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019	2017-10-20
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062	2017-10-20
https://www.openssl.org/news/secadv_20150108.txt	2017-10-20
https://access.redhat.com/security/cve/CVE-2014-3571	2015-01-21
https://bugzilla.redhat.com/show_bug.cgi?id=1180234	2015-01-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				<= 0.9.8zc Search vendor "Openssl" for product "Openssl" and version " <= 0.9.8zc"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0a Search vendor "Openssl" for product "Openssl" and version "1.0.0a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0b Search vendor "Openssl" for product "Openssl" and version "1.0.0b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0c Search vendor "Openssl" for product "Openssl" and version "1.0.0c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0d Search vendor "Openssl" for product "Openssl" and version "1.0.0d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0e Search vendor "Openssl" for product "Openssl" and version "1.0.0e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0f Search vendor "Openssl" for product "Openssl" and version "1.0.0f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0g Search vendor "Openssl" for product "Openssl" and version "1.0.0g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0h Search vendor "Openssl" for product "Openssl" and version "1.0.0h"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0i Search vendor "Openssl" for product "Openssl" and version "1.0.0i"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0j Search vendor "Openssl" for product "Openssl" and version "1.0.0j"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0k Search vendor "Openssl" for product "Openssl" and version "1.0.0k"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0l Search vendor "Openssl" for product "Openssl" and version "1.0.0l"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0m Search vendor "Openssl" for product "Openssl" and version "1.0.0m"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0n Search vendor "Openssl" for product "Openssl" and version "1.0.0n"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0o Search vendor "Openssl" for product "Openssl" and version "1.0.0o"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1a Search vendor "Openssl" for product "Openssl" and version "1.0.1a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1b Search vendor "Openssl" for product "Openssl" and version "1.0.1b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1c Search vendor "Openssl" for product "Openssl" and version "1.0.1c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1d Search vendor "Openssl" for product "Openssl" and version "1.0.1d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1e Search vendor "Openssl" for product "Openssl" and version "1.0.1e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1f Search vendor "Openssl" for product "Openssl" and version "1.0.1f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1g Search vendor "Openssl" for product "Openssl" and version "1.0.1g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1h Search vendor "Openssl" for product "Openssl" and version "1.0.1h"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1i Search vendor "Openssl" for product "Openssl" and version "1.0.1i"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1j Search vendor "Openssl" for product "Openssl" and version "1.0.1j"		-		Affected