HP-UX: CVE-2014-3505: running OpenSSL, Multiple Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | August 13, 2014 | August 11, 2017 | September 12, 2017 |
Description
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
Solution
hpux-update-openssl-openssl-cerRelated Vulnerabilities
- OpenSSL Double Free when processing DTLS packets (CVE-2014-3505)
- ELSA-2014-1653 Moderate: Oracle Linux openssl security update
- RHSA-2014:1053: openssl security update
- ELSA-2014-1052 Moderate: Oracle Linux openssl security update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- FreeBSD: OpenSSL -- multiple vulnerabilities (FreeBSD-SA-14:18.openssl) (Multiple CVEs)
- F5 Networks: K15573 (CVE-2014-3505): OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507
- DSA-2998-1 openssl -- security update
- SUSE: CVE-2014-3505: SUSE Linux Security Advisory
- USN-2308-1: OpenSSL vulnerabilities
- Cisco NX-OS: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability (Multiple CVEs)
- ELSA-2014-1652 Important: Oracle Linux openssl security update
- ELSA-2014-1053 Moderate: Oracle Linux openssl security update
- IBM AIX: openssl_advisory10 (CVE-2014-3505): Vulnerabilities in OpenSSL affects AIX
- Oracle Solaris 11: CVE-2014-3505: Vulnerability in OpenSSL
- Oracle Linux: CVE-2014-3505: ELSA-2016-3558 - openssl security update
- Gentoo Linux: CVE-2014-3505: OpenSSL: Multiple vulnerabilities
- Amazon Linux AMI: Security patch for openssl (ALAS-2014-391) (multiple CVEs)
- RHSA-2014:1052: openssl security update