Vulnerability Details : CVE-2014-8176
The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.
Vulnerability category: OverflowMemory CorruptionDenial of service
Products affected by CVE-2014-8176
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8176
3.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8176
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-8176
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8176
-
https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7
Free up s->d1->buffered_app_data.q properly. · openssl/openssl@470990f · GitHub
-
http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
FortiGuard
-
https://www.openssl.org/news/secadv_20150611.txt
Vendor Advisory
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
McAfee - Security Bulletin: Seven OpenSSL CVEs Announced on June 11, 2015
-
https://openssl.org/news/secadv/20150611.txt
-
http://rhn.redhat.com/errata/RHSA-2016-2957.html
RHSA-2016:2957 - Security Advisory - Red Hat Customer Portal
-
http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
FortiGuard
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
-
https://bto.bluecoat.com/security-advisory/sa98
SA98 : OpenSSL Security Advisory 11-June-2015
-
http://www.debian.org/security/2015/dsa-3287
Debian -- Security Information -- DSA-3287-1 openssl
-
http://www.securitytracker.com/id/1032564
OpenSSL Bugs Let Remote Users Deny Service and Potentially Execute Arbitrary Code - SecurityTracker
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
[security-announce] SUSE-SU-2015:1185-1: important: Security update for
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
HPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware using OpenSSL, Remote Denial of Service (DoS), Unauthorized AccessThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-1115.html
RHSA-2015:1115 - Security Advisory - Red Hat Customer Portal
-
https://rt.openssl.org/Ticket/Display.html?id=3286&user=guest&pass=guest
#3286: DTLS client crash while clearing (freeing) the dtls1_buffer_record queue (buffered_app_data)Exploit
-
http://www.securityfocus.com/bid/75159
OpenSSL DTLS CVE-2014-8176 Remote Memory Corruption Vulnerability
-
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
-
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
-
http://www.ubuntu.com/usn/USN-2639-1
USN-2639-1: OpenSSL vulnerabilities | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
[security-announce] openSUSE-SU-2015:1277-1: important: Security update
-
https://security.gentoo.org/glsa/201506-02
OpenSSL: Multiple vulnerabilities (GLSA 201506-02) — Gentoo security
Jump to