CVE-2014-2899

CyaSSL < 2.9.4 - Denial of Service via NULL Pointer Dereference

Title source: llm
STIX 2.1

Description

wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found.

References (7)

Core 7
Core References
Various Sources x_refsource_confirm
http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201612-53
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q2/126
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/66780
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q2/130
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57743

Scores

EPSS 0.0178
EPSS Percentile 75.6%

Details

CWE
CWE-20
Status published
Products (41)
yassl/cyassl 0.2.0
yassl/cyassl 0.3.0
yassl/cyassl 0.4.0
yassl/cyassl 0.5.0
yassl/cyassl 0.5.5
yassl/cyassl 0.6.0
yassl/cyassl 0.6.2
yassl/cyassl 0.6.3
yassl/cyassl 0.8.0
yassl/cyassl 0.9.0
... and 31 more
Published Apr 22, 2014
Tracked Since Feb 18, 2026