SUSE: CVE-2014-3505: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | August 13, 2014 | December 18, 2015 | October 11, 2017 |
Description
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
References
- SUSE-SUSE-SU-2014:1033-1
- SUSE-SUSE-SU-2014:1049-1
- SUSE-SUSE-SU-2014:1104-1
- SUSE-SUSE-SU-2014:1208-1
- NETBSD-NetBSD-SA2014-008
- REDHAT-RHSA-2014:1256
- REDHAT-RHSA-2014:1297
- SECUNIA-58962
- SECUNIA-59700
- SECUNIA-59710
- SECUNIA-59743
- SECUNIA-60022
- SECUNIA-60221
- SECUNIA-60493
- SECUNIA-60684
- SECUNIA-60778
- SECUNIA-60803
- SECUNIA-61040
- SECUNIA-61100
- SECUNIA-61184
- SECUNIA-61250
- GENTOO-GLSA-201412-39
- DEBIAN-DSA-2998
- MANDRIVA-MDVSA-2014:158
- BID-69081
- SECTRACK-1030693
- NVD-CVE-2014-3505
- UBUNTU-USN-2308-1
Solution
suse-upgrade-libopenssl-develRelated Vulnerabilities
- OpenSSL Double Free when processing DTLS packets (CVE-2014-3505)
- F5 Networks: K15573 (CVE-2014-3505): OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507
- HP-UX: CVE-2014-3505: running OpenSSL, Multiple Vulnerabilities
- Cisco NX-OS: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability (Multiple CVEs)
- IBM AIX: openssl_advisory10 (CVE-2014-3505): Vulnerabilities in OpenSSL affects AIX
- Oracle Solaris 11: CVE-2014-3505: Vulnerability in OpenSSL
- Gentoo Linux: CVE-2014-3505: OpenSSL: Multiple vulnerabilities