CVE-2014-0625

RSA BSAFE SSL-J 5.x < 5.1.3 and 6.x < 6.0.2 - Denial of Service via TLS Handshake Data Buffering

Description

The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.

References (1)

Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html

Scores

EPSS 0.0047
EPSS Percentile 65.0%

Details

CWE CWE-399
Status published
Products (6)
dell/bsafe_ssl-j 5.1.2
dell/bsafe_ssl-j 6.0
emc/rsa_bsafe_ssl-j 5.0
emc/rsa_bsafe_ssl-j 5.1.0
emc/rsa_bsafe_ssl-j 5.1.1
emc/rsa_bsafe_ssl-j 6.0.1
Published Feb 18, 2014
Tracked Since Feb 18, 2026