Vulnerability Details : CVE-2014-3513
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2014-3513
- cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3513
- EPSS score: 51.03% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~98% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-3513
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.1 | HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C | 8.6 | 6.9 | NIST | 
CWE ids for CVE-2014-3513
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3513
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2b0532f3984324ebe1236a63d15893792384328d (git.openssl.org Git - openssl.git/commit) [Patch]
- http://www.debian.org/security/2014/dsa-3053 (Debian -- Security Information -- DSA-3053-1 openssl)
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html (Apple - Lists.apple.com)
- http://marc.info/?l=bugtraq&m=142791032306609&w=2 ('[security bulletin] HPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and Windows, R' - MARC)
- http://marc.info/?l=bugtraq&m=142624590206005&w=2 ('[security bulletin] HPSBMU03267 rev.1 - HP Matrix Operating Environment and HP CloudSystem Matrix ru' - MARC)
- https://support.apple.com/HT205217 (About the security content of Xcode 7.0 - Apple Support)
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 (HPSBMU03611 rev.2 - HPE Matrix Operating Environment on Windows and Linux, Multiple Remote Vulnerabilities)
- http://advisories.mageia.org/MGASA-2014-0416.html (Mageia Advisory: MGASA-2014-0416 - Updated openssl packages fix security vulnerabilities)
- http://www.securitytracker.com/id/1031052 (OpenSSL SRTP and Session Ticket Memory Leaks Let Remote Users Deny Service - SecurityTracker)
- http://www.securityfocus.com/bid/70584 (OpenSSL CVE-2014-3513 Information Disclosure Vulnerability)
- http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html ([security-announce] SUSE-SU-2014:1357-1: important: Security update for)
- http://security.gentoo.org/glsa/glsa-201412-39.xml (OpenSSL: Multiple vulnerabilities (GLSA 201412-39) - Gentoo security) [Patch]
- http://rhn.redhat.com/errata/RHSA-2014-1652.html (RHSA-2014:1652 - Security Advisory - Red Hat Customer Portal)
- https://kc.mcafee.com/corporate/index?page=content&id=SB10091 (McAfee Security Bulletin - Three SSLv3 Vulnerabilities)
- https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html
- http://marc.info/?l=bugtraq&m=142834685803386&w=2 ('[security bulletin] HPSBMU03296 rev.1 - HP BladeSystem c-Class Onboard Administrator running OpenSSL' - MARC)
- http://marc.info/?l=bugtraq&m=143290437727362&w=2 ('[security bulletin] HPSBMU03263 rev.3 - HP Insight Control running OpenSSL, Remote Disclosure of Inf' - MARC)
- https://www.openssl.org/news/secadv_20141015.txt [Vendor Advisory]
- http://marc.info/?l=bugtraq&m=143290583027876&w=2 ('[security bulletin] HPSBMU03223 rev.1 - HP Insight Control server provisioning running SSLv3, Remote' - MARC)
- http://marc.info/?l=bugtraq&m=142495837901899&w=2 ('[security bulletin] HPSBMU03260 rev.1 - HP System Management Homepage running OpenSSL on Linux and W' - MARC) [Patch]
- http://marc.info/?l=bugtraq&m=143290522027658&w=2 ('[security bulletin] HPSBMU03261 rev.2 - HP Systems Insight Manager running OpenSSL on Linux and Wind' - MARC)
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 (HPSBMU03612 rev.2 - HPE Insight Control on Windows and Linux, Multiple Remote Vulnerabilities)
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html ([security-announce] openSUSE-SU-2014:1331-1: important: update for opens)
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6 (Multiple vulnerabilities in OpenSSL | Oracle Third Party Vulnerability Resolution Blog)
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 (mandriva.com)
- http://marc.info/?l=bugtraq&m=142118135300698&w=2 ('[security bulletin] HPSBGN03233 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), ' - MARC)
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
- http://rhn.redhat.com/errata/RHSA-2014-1692.html (RHSA-2014:1692 - Security Advisory - Red Hat Customer Portal)
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997 (IBM Security Bulletin:)
- http://marc.info/?l=bugtraq&m=142804214608580&w=2 ('[security bulletin] HPSBHF03300 rev.1 - HP Network Products running OpenSSL, Remote Denial of Servic' - MARC)
- http://www.ubuntu.com/usn/USN-2385-1 (USN-2385-1: OpenSSL vulnerabilities | Ubuntu security notices)