Moderate

CVE-2014-3571 - Unspecified vulnerability in OpenSSL

Publication: 2015-01-09

Summary

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.

Risk level (CVSS 5)

Moderate

5.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Openssl Openssl 0.9.8zc
  • Openssl Openssl 1.0.1j
  • Openssl Openssl 1.0.0b
  • Openssl Openssl 1.0.0c
  • Openssl Openssl 1.0.0d
  • Openssl Openssl 1.0.0e
  • Openssl Openssl 1.0.0f
  • Openssl Openssl 1.0.0g
  • Openssl Openssl 1.0.0h
  • Openssl Openssl 1.0.0i
  • Openssl Openssl 1.0.0j
  • Openssl Openssl 1.0.0k
  • Openssl Openssl 1.0.0l
  • Openssl Openssl 1.0.0a
  • Openssl Openssl 1.0.0n
  • Openssl Openssl 1.0.0o
  • Openssl Openssl 1.0.1a
  • Openssl Openssl 1.0.1b
  • Openssl Openssl 1.0.1c
  • Openssl Openssl 1.0.1d
  • Openssl Openssl 1.0.1e
  • Openssl Openssl 1.0.1f
  • Openssl Openssl 1.0.1g
  • Openssl Openssl 1.0.1h
  • Openssl Openssl 1.0.1i
  • Openssl Openssl 1.0.0m
