Vulnerabilities > CVE-2014-9424 - Denial-Of-Service vulnerability in Libressl

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

openbsd

NVD

Published: 2014-12-29

Updated: 2014-12-30

Summary

Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake. <a href="http://cwe.mitre.org/data/definitions/415.html">CWE-415: Double Free</a>

Vulnerable Configurations

Part	Description	Count
Application	Openbsd Openbsd Libressl 2.0.0 Openbsd Libressl 2.0.1 Openbsd Libressl 2.0.2 Openbsd Libressl 2.0.3 Openbsd Libressl 2.0.4 Openbsd Libressl 2.0.5 Openbsd Libressl 2.0.6 Openbsd Libressl 2.1.0 Openbsd Libressl 2.1.1	9

References

https://code.google.com/p/google-security-research/issues/detail?id=202
https://github.com/robertbachmann/openbsd-libssl/commit/62a110d447bb8c16a4c69629e28a42e8c39fd7e0