CVE-2014-3571
openssl: DTLS segmentation fault in dtls1_get_record
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.
OpenSSL anterior a 0.9.8zd, 1.0.0 anterior a 1.0.0p, y 1.0.1 anterior a 1.0.1k permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de la aplicación) a través de un mensaje DTLS manipulado que se procesa con un operación diferente de lectura para la cabecera de negociación que la del cuerpo de la negociación, relacionado con la función dtls1_get_record en d1_pkt.c y la función ssl3_read_n en s3_pkt.c.
A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash.
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. A memory leak can occur in the dtls1_buffer_record function under certain conditions. When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference. An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-05-14 CVE Reserved
- 2015-01-09 CVE Published
- 2024-08-06 CVE Updated
- 2025-05-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (39)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | <= 0.9.8zc Search vendor "Openssl" for product "Openssl" and version " <= 0.9.8zc" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0a Search vendor "Openssl" for product "Openssl" and version "1.0.0a" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0b Search vendor "Openssl" for product "Openssl" and version "1.0.0b" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0c Search vendor "Openssl" for product "Openssl" and version "1.0.0c" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0d Search vendor "Openssl" for product "Openssl" and version "1.0.0d" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0e Search vendor "Openssl" for product "Openssl" and version "1.0.0e" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0f Search vendor "Openssl" for product "Openssl" and version "1.0.0f" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0g Search vendor "Openssl" for product "Openssl" and version "1.0.0g" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0h Search vendor "Openssl" for product "Openssl" and version "1.0.0h" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0i Search vendor "Openssl" for product "Openssl" and version "1.0.0i" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0j Search vendor "Openssl" for product "Openssl" and version "1.0.0j" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0k Search vendor "Openssl" for product "Openssl" and version "1.0.0k" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0l Search vendor "Openssl" for product "Openssl" and version "1.0.0l" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0m Search vendor "Openssl" for product "Openssl" and version "1.0.0m" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0n Search vendor "Openssl" for product "Openssl" and version "1.0.0n" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0o Search vendor "Openssl" for product "Openssl" and version "1.0.0o" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1a Search vendor "Openssl" for product "Openssl" and version "1.0.1a" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1b Search vendor "Openssl" for product "Openssl" and version "1.0.1b" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1c Search vendor "Openssl" for product "Openssl" and version "1.0.1c" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1d Search vendor "Openssl" for product "Openssl" and version "1.0.1d" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1e Search vendor "Openssl" for product "Openssl" and version "1.0.1e" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1f Search vendor "Openssl" for product "Openssl" and version "1.0.1f" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1g Search vendor "Openssl" for product "Openssl" and version "1.0.1g" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1h Search vendor "Openssl" for product "Openssl" and version "1.0.1h" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1i Search vendor "Openssl" for product "Openssl" and version "1.0.1i" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1j Search vendor "Openssl" for product "Openssl" and version "1.0.1j" | - |
Affected
| ||||||