// For flags

CVE-2014-5139

 

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.

La función ssl_set_client_disabled en t1_lib.c en OpenSSL 1.0.1 anterior a 1.0.1i permite a servidores SSL remotos causar una denegación de servicio (referencia a puntero nulo y caída de la aplicación del cliente) a través de un mensaje ServerHello que incluye un suite de cifrado SRP sin la negociación necesaria de este suite de cifrada con el cliente.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-07-30 CVE Reserved
  • 2014-08-06 CVE Published
  • 2023-11-09 First Exploit
  • 2024-03-25 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (48)
URL Tag Source
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc X_refsource_confirm
http://secunia.com/advisories/59700 Third Party Advisory
http://secunia.com/advisories/59710 Third Party Advisory
http://secunia.com/advisories/59756 Third Party Advisory
http://secunia.com/advisories/60022 Third Party Advisory
http://secunia.com/advisories/60221 Third Party Advisory
http://secunia.com/advisories/60493 Third Party Advisory
http://secunia.com/advisories/60803 Third Party Advisory
http://secunia.com/advisories/60810 Third Party Advisory
http://secunia.com/advisories/60917 Third Party Advisory
http://secunia.com/advisories/60921 Third Party Advisory
http://secunia.com/advisories/61017 Third Party Advisory
http://secunia.com/advisories/61100 Third Party Advisory
http://secunia.com/advisories/61171 Third Party Advisory
http://secunia.com/advisories/61184 Third Party Advisory
http://secunia.com/advisories/61392 Third Party Advisory
http://secunia.com/advisories/61775 Third Party Advisory
http://secunia.com/advisories/61959 Third Party Advisory
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21682293 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21683389 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21686997 X_refsource_confirm
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm X_refsource_confirm
http://www.securityfocus.com/bid/69077 Vdb Entry
http://www.securitytracker.com/id/1030693 Vdb Entry
http://www.tenable.com/security/tns-2014-06 X_refsource_confirm
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=80bd7b41b30af6ee96f519e629463583318de3b0 X_refsource_confirm
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=83764a989dcc87fbea337da5f8f86806fe767b7e X_refsource_confirm
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html Mailing List
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta1
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta2
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta3
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1a
Search vendor "Openssl" for product "Openssl" and version "1.0.1a"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1b
Search vendor "Openssl" for product "Openssl" and version "1.0.1b"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1c
Search vendor "Openssl" for product "Openssl" and version "1.0.1c"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1d
Search vendor "Openssl" for product "Openssl" and version "1.0.1d"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1e
Search vendor "Openssl" for product "Openssl" and version "1.0.1e"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1f
Search vendor "Openssl" for product "Openssl" and version "1.0.1f"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1g
Search vendor "Openssl" for product "Openssl" and version "1.0.1g"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1h
Search vendor "Openssl" for product "Openssl" and version "1.0.1h"
-
Affected