Vulnerability Details : CVE-2014-2899
wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found.
Vulnerability category: Memory CorruptionInput validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-2899
Probability of exploitation activity in the next 30 days: 5.26%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-2899
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-2899
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2899
-
http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html
wolfSSL Security Advisory: April 9, 2014 - wolfSSLVendor Advisory
-
http://seclists.org/oss-sec/2014/q2/130
oss-sec: Re: CVE ids for CyaSSL 2.9.4?
-
http://www.securityfocus.com/bid/66780
CyaSSL Multiple Security Vulnerabilities
-
http://seclists.org/oss-sec/2014/q2/126
oss-sec: CVE ids for CyaSSL 2.9.4?
-
http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html
wolfSSL Changelog | wolfSSL Embedded SSL/TLS Library Documentation
-
https://security.gentoo.org/glsa/201612-53
CyaSSL: Multiple vulnerabilities (GLSA 201612-53) — Gentoo security
Products affected by CVE-2014-2899
- cpe:2.3:a:yassl:cyassl:*:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:2.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:0.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:2.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:yassl:cyassl:2.6.0:*:*:*:*:*:*:*