CVE-2014-2899
CyaSSL < 2.9.4 - Denial of Service via NULL Pointer Dereference
Title source: llmDescription
wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found.
References (7)
Core 7
Core References
Vendor Advisory x_refsource_confirm
http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html
Various Sources x_refsource_confirm
http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201612-53
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q2/126
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/66780
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q2/130
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57743
Scores
EPSS
0.0178
EPSS Percentile
75.6%
Details
CWE
CWE-20
Status
published
Products (41)
yassl/cyassl
0.2.0
yassl/cyassl
0.3.0
yassl/cyassl
0.4.0
yassl/cyassl
0.5.0
yassl/cyassl
0.5.5
yassl/cyassl
0.6.0
yassl/cyassl
0.6.2
yassl/cyassl
0.6.3
yassl/cyassl
0.8.0
yassl/cyassl
0.9.0
... and 31 more
Published
Apr 22, 2014
Tracked Since
Feb 18, 2026