CVE-2014-3509: Race Condition
First published: Thu Aug 07 2014(Updated: )
A race condition was found in the ssl_parse_serverhello_tlsext() code that may result in upto 255 bytes being written to memory that had been free'd if an ec point format extension was sent by the server. This issue only affects multi-threaded clients.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/openssl | <1.0.1 | 1.0.1 |
| OpenSSL libcrypto | =1.0.0 | |
| OpenSSL libcrypto | =1.0.0-beta1 | |
| OpenSSL libcrypto | =1.0.0-beta2 | |
| OpenSSL libcrypto | =1.0.0-beta3 | |
| OpenSSL libcrypto | =1.0.0-beta4 | |
| OpenSSL libcrypto | =1.0.0-beta5 | |
| OpenSSL libcrypto | =1.0.0a | |
| OpenSSL libcrypto | =1.0.0b | |
| OpenSSL libcrypto | =1.0.0c | |
| OpenSSL libcrypto | =1.0.0d | |
| OpenSSL libcrypto | =1.0.0e | |
| OpenSSL libcrypto | =1.0.0f | |
| OpenSSL libcrypto | =1.0.0g | |
| OpenSSL libcrypto | =1.0.0h | |
| OpenSSL libcrypto | =1.0.0i | |
| OpenSSL libcrypto | =1.0.0j | |
| OpenSSL libcrypto | =1.0.0k | |
| OpenSSL libcrypto | =1.0.0l | |
| OpenSSL libcrypto | =1.0.0m | |
| OpenSSL libcrypto | =1.0.1 | |
| OpenSSL libcrypto | =1.0.1-beta1 | |
| OpenSSL libcrypto | =1.0.1-beta2 | |
| OpenSSL libcrypto | =1.0.1-beta3 | |
| OpenSSL libcrypto | =1.0.1a | |
| OpenSSL libcrypto | =1.0.1b | |
| OpenSSL libcrypto | =1.0.1c | |
| OpenSSL libcrypto | =1.0.1d | |
| OpenSSL libcrypto | =1.0.1e | |
| OpenSSL libcrypto | =1.0.1f | |
| OpenSSL libcrypto | =1.0.1g | |
| OpenSSL libcrypto | =1.0.1h |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
- http://marc.info/?l=bugtraq&m=142350350616251&w=2
- http://marc.info/?l=bugtraq&m=142495837901899&w=2
- http://marc.info/?l=bugtraq&m=142624590206005&w=2
- http://marc.info/?l=bugtraq&m=142660345230545&w=2
- http://marc.info/?l=bugtraq&m=142791032306609&w=2
- http://marc.info/?l=bugtraq&m=143290437727362&w=2
- http://marc.info/?l=bugtraq&m=143290522027658&w=2
- http://rhn.redhat.com/errata/RHSA-2015-0197.html
- http://secunia.com/advisories/58962
- http://secunia.com/advisories/59700
- http://secunia.com/advisories/59710
- http://secunia.com/advisories/59756
- http://secunia.com/advisories/60022
- http://secunia.com/advisories/60221
- http://secunia.com/advisories/60493
- http://secunia.com/advisories/60684
- http://secunia.com/advisories/60803
- http://secunia.com/advisories/60917
- http://secunia.com/advisories/60921
- http://secunia.com/advisories/60938
- http://secunia.com/advisories/61017
- http://secunia.com/advisories/61100
- http://secunia.com/advisories/61139
- http://secunia.com/advisories/61184
- http://secunia.com/advisories/61775
- http://secunia.com/advisories/61959
- http://security.gentoo.org/glsa/glsa-201412-39.xml
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www.debian.org/security/2014/dsa-2998
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:158
- http://www.securityfocus.com/bid/69084
- http://www.securitytracker.com/id/1030693
- https://bugzilla.redhat.com/show_bug.cgi?id=1127498
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95159
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb0bc2b273bcc2d5401dd883fe869af4fc74bb21
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html
- https://support.citrix.com/article/CTX216642
- https://techzone.ergon.ch/CVE-2014-3511
- https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc
- https://www.openssl.org/news/secadv_20140806.txt
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=fb0bc2b273bcc2d5401dd883fe869af4fc74bb21
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb0bc2b273bcc2d5401dd883fe869af4fc74bb21
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=36ca4ba6
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1127704
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1127705
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1127709
- https://rhn.redhat.com/errata/RHSA-2014-1052.html
- https://rhn.redhat.com/errata/RHSA-2014-1054.html
- https://rhn.redhat.com/errata/RHSA-2015-0197.html
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-3509
- agent/software-canonical-lookup
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/openssl
- canonical/openssl libcrypto
- version/openssl libcrypto/1.0.0
- version/openssl libcrypto/1.0.0-beta1
- version/openssl libcrypto/1.0.0-beta2
- version/openssl libcrypto/1.0.0-beta3
- version/openssl libcrypto/1.0.0-beta4
- version/openssl libcrypto/1.0.0-beta5
- version/openssl libcrypto/1.0.0a
- version/openssl libcrypto/1.0.0b
- version/openssl libcrypto/1.0.0c
- version/openssl libcrypto/1.0.0d
- version/openssl libcrypto/1.0.0e
- version/openssl libcrypto/1.0.0f
- version/openssl libcrypto/1.0.0g
- version/openssl libcrypto/1.0.0h
- version/openssl libcrypto/1.0.0i
- version/openssl libcrypto/1.0.0j
- version/openssl libcrypto/1.0.0k
- version/openssl libcrypto/1.0.0l
- version/openssl libcrypto/1.0.0m
- version/openssl libcrypto/1.0.1
- version/openssl libcrypto/1.0.1-beta1
- version/openssl libcrypto/1.0.1-beta2
- version/openssl libcrypto/1.0.1-beta3
- version/openssl libcrypto/1.0.1a
- version/openssl libcrypto/1.0.1b
- version/openssl libcrypto/1.0.1c
- version/openssl libcrypto/1.0.1d
- version/openssl libcrypto/1.0.1e
- version/openssl libcrypto/1.0.1f
- version/openssl libcrypto/1.0.1g
- version/openssl libcrypto/1.0.1h