CVE-2014-3506
First published: Thu Aug 07 2014(Updated: )
A vulnerability in the processing of DTLS handshake messages was found that results in large amounts of memory being used. Once the Denial Of Service attack has ceased, the memory will be freed.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/openssl | <1.0.1 | 1.0.1 |
| redhat/openssl | <0.9.8 | 0.9.8 |
| OpenSSL libcrypto | =0.9.8 | |
| OpenSSL libcrypto | =0.9.8a | |
| OpenSSL libcrypto | =0.9.8b | |
| OpenSSL libcrypto | =0.9.8c | |
| OpenSSL libcrypto | =0.9.8d | |
| OpenSSL libcrypto | =0.9.8e | |
| OpenSSL libcrypto | =0.9.8f | |
| OpenSSL libcrypto | =0.9.8g | |
| OpenSSL libcrypto | =0.9.8h | |
| OpenSSL libcrypto | =0.9.8i | |
| OpenSSL libcrypto | =0.9.8j | |
| OpenSSL libcrypto | =0.9.8k | |
| OpenSSL libcrypto | =0.9.8l | |
| OpenSSL libcrypto | =0.9.8m | |
| OpenSSL libcrypto | =0.9.8m-beta1 | |
| OpenSSL libcrypto | =0.9.8n | |
| OpenSSL libcrypto | =0.9.8o | |
| OpenSSL libcrypto | =0.9.8p | |
| OpenSSL libcrypto | =0.9.8q | |
| OpenSSL libcrypto | =0.9.8r | |
| OpenSSL libcrypto | =0.9.8s | |
| OpenSSL libcrypto | =0.9.8t | |
| OpenSSL libcrypto | =0.9.8u | |
| OpenSSL libcrypto | =0.9.8v | |
| OpenSSL libcrypto | =0.9.8w | |
| OpenSSL libcrypto | =0.9.8x | |
| OpenSSL libcrypto | =0.9.8y | |
| OpenSSL libcrypto | =0.9.8za | |
| OpenSSL libcrypto | =1.0.0 | |
| OpenSSL libcrypto | =1.0.0-beta1 | |
| OpenSSL libcrypto | =1.0.0-beta2 | |
| OpenSSL libcrypto | =1.0.0-beta3 | |
| OpenSSL libcrypto | =1.0.0-beta4 | |
| OpenSSL libcrypto | =1.0.0-beta5 | |
| OpenSSL libcrypto | =1.0.0a | |
| OpenSSL libcrypto | =1.0.0b | |
| OpenSSL libcrypto | =1.0.0c | |
| OpenSSL libcrypto | =1.0.0d | |
| OpenSSL libcrypto | =1.0.0e | |
| OpenSSL libcrypto | =1.0.0f | |
| OpenSSL libcrypto | =1.0.0g | |
| OpenSSL libcrypto | =1.0.0h | |
| OpenSSL libcrypto | =1.0.0i | |
| OpenSSL libcrypto | =1.0.0j | |
| OpenSSL libcrypto | =1.0.0k | |
| OpenSSL libcrypto | =1.0.0l | |
| OpenSSL libcrypto | =1.0.0m | |
| OpenSSL libcrypto | =1.0.1 | |
| OpenSSL libcrypto | =1.0.1-beta1 | |
| OpenSSL libcrypto | =1.0.1-beta2 | |
| OpenSSL libcrypto | =1.0.1-beta3 | |
| OpenSSL libcrypto | =1.0.1a | |
| OpenSSL libcrypto | =1.0.1b | |
| OpenSSL libcrypto | =1.0.1c | |
| OpenSSL libcrypto | =1.0.1d | |
| OpenSSL libcrypto | =1.0.1e | |
| OpenSSL libcrypto | =1.0.1f | |
| OpenSSL libcrypto | =1.0.1g | |
| OpenSSL libcrypto | =1.0.1h |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- http://linux.oracle.com/errata/ELSA-2014-1053.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
- http://marc.info/?l=bugtraq&m=140853041709441&w=2
- http://marc.info/?l=bugtraq&m=141077370928502&w=2
- http://marc.info/?l=bugtraq&m=142660345230545&w=2
- http://rhn.redhat.com/errata/RHSA-2014-1256.html
- http://rhn.redhat.com/errata/RHSA-2014-1297.html
- http://secunia.com/advisories/58962
- http://secunia.com/advisories/59221
- http://secunia.com/advisories/59700
- http://secunia.com/advisories/59710
- http://secunia.com/advisories/59743
- http://secunia.com/advisories/59756
- http://secunia.com/advisories/60022
- http://secunia.com/advisories/60221
- http://secunia.com/advisories/60493
- http://secunia.com/advisories/60684
- http://secunia.com/advisories/60687
- http://secunia.com/advisories/60778
- http://secunia.com/advisories/60803
- http://secunia.com/advisories/60824
- http://secunia.com/advisories/60917
- http://secunia.com/advisories/60921
- http://secunia.com/advisories/60938
- http://secunia.com/advisories/61017
- http://secunia.com/advisories/61040
- http://secunia.com/advisories/61100
- http://secunia.com/advisories/61184
- http://secunia.com/advisories/61250
- http://secunia.com/advisories/61775
- http://secunia.com/advisories/61959
- http://security.gentoo.org/glsa/glsa-201412-39.xml
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www.debian.org/security/2014/dsa-2998
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:158
- http://www.securityfocus.com/bid/69076
- http://www.securitytracker.com/id/1030693
- https://bugzilla.redhat.com/show_bug.cgi?id=1127500
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95160
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636
- https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html
- https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc
- https://www.openssl.org/news/secadv_20140806.txt
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1250f12613b61758675848f6600ebd914ccd7636
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1250f12613b61758675848f6600ebd914ccd7636
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1127704
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1127705
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1127709
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1127885
- https://rhn.redhat.com/errata/RHSA-2014-1053.html
- https://rhn.redhat.com/errata/RHSA-2014-1052.html
- https://rhn.redhat.com/errata/RHSA-2014-1054.html
- https://rhn.redhat.com/errata/RHSA-2014-1256.html
- https://rhn.redhat.com/errata/RHSA-2014-1297.html
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-3506
- agent/software-canonical-lookup
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/openssl
- canonical/openssl libcrypto
- version/openssl libcrypto/0.9.8
- version/openssl libcrypto/0.9.8a
- version/openssl libcrypto/0.9.8b
- version/openssl libcrypto/0.9.8c
- version/openssl libcrypto/0.9.8d
- version/openssl libcrypto/0.9.8e
- version/openssl libcrypto/0.9.8f
- version/openssl libcrypto/0.9.8g
- version/openssl libcrypto/0.9.8h
- version/openssl libcrypto/0.9.8i
- version/openssl libcrypto/0.9.8j
- version/openssl libcrypto/0.9.8k
- version/openssl libcrypto/0.9.8l
- version/openssl libcrypto/0.9.8m
- version/openssl libcrypto/0.9.8m-beta1
- version/openssl libcrypto/0.9.8n
- version/openssl libcrypto/0.9.8o
- version/openssl libcrypto/0.9.8p
- version/openssl libcrypto/0.9.8q
- version/openssl libcrypto/0.9.8r
- version/openssl libcrypto/0.9.8s
- version/openssl libcrypto/0.9.8t
- version/openssl libcrypto/0.9.8u
- version/openssl libcrypto/0.9.8v
- version/openssl libcrypto/0.9.8w
- version/openssl libcrypto/0.9.8x
- version/openssl libcrypto/0.9.8y
- version/openssl libcrypto/0.9.8za
- version/openssl libcrypto/1.0.0
- version/openssl libcrypto/1.0.0-beta1
- version/openssl libcrypto/1.0.0-beta2
- version/openssl libcrypto/1.0.0-beta3
- version/openssl libcrypto/1.0.0-beta4
- version/openssl libcrypto/1.0.0-beta5
- version/openssl libcrypto/1.0.0a
- version/openssl libcrypto/1.0.0b
- version/openssl libcrypto/1.0.0c
- version/openssl libcrypto/1.0.0d
- version/openssl libcrypto/1.0.0e
- version/openssl libcrypto/1.0.0f
- version/openssl libcrypto/1.0.0g
- version/openssl libcrypto/1.0.0h
- version/openssl libcrypto/1.0.0i
- version/openssl libcrypto/1.0.0j
- version/openssl libcrypto/1.0.0k
- version/openssl libcrypto/1.0.0l
- version/openssl libcrypto/1.0.0m
- version/openssl libcrypto/1.0.1
- version/openssl libcrypto/1.0.1-beta1
- version/openssl libcrypto/1.0.1-beta2
- version/openssl libcrypto/1.0.1-beta3
- version/openssl libcrypto/1.0.1a
- version/openssl libcrypto/1.0.1b
- version/openssl libcrypto/1.0.1c
- version/openssl libcrypto/1.0.1d
- version/openssl libcrypto/1.0.1e
- version/openssl libcrypto/1.0.1f
- version/openssl libcrypto/1.0.1g
- version/openssl libcrypto/1.0.1h