CVE-2014-3509

OpenSSL 1.0.0-1.0.0m and 1.0.1-1.0.1h - Denial of Service via EC Supported Point Formats Extension Race Condition


Description

Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.

References (52)

Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=1127498
Various Sources (x_refsource_confirm): http://linux.oracle.com/errata/ELSA-2014-1052.html
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/60221
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/61184
Mailing List (vendor-advisory, x_refsource_hp): http://marc.info/?l=bugtraq&m=142660345230545&w=2
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/60022
Vendor Advisory (x_refsource_confirm): https://www.openssl.org/news/secadv_20140806.txt
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/61017
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2015-0197.html
Mailing List (vendor-advisory, x_refsource_hp): http://marc.info/?l=bugtraq&m=142350350616251&w=2
Mailing List (vendor-advisory, x_refsource_hp): http://marc.info/?l=bugtraq&m=142791032306609&w=2
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/69084
Third Party Advisory (vendor-advisory, x_refsource_gentoo): http://security.gentoo.org/glsa/glsa-201412-39.xml
Mailing List (vendor-advisory, x_refsource_hp): http://marc.info/?l=bugtraq&m=142495837901899&w=2
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/60803
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/59700
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1030693
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/60917
Vendor Advisory (vendor-advisory, x_refsource_netbsd): ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/60493
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/59710
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/60921
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/61100
Vendor Advisory (vendor-advisory, x_refsource_freebsd): https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/61775
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2014/dsa-2998
Mailing List (vendor-advisory, x_refsource_hp): http://marc.info/?l=bugtraq&m=143290437727362&w=2
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/95159
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/61959
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/59756
Mailing List (vendor-advisory, x_refsource_hp): http://marc.info/?l=bugtraq&m=142624590206005&w=2
Mailing List (vendor-advisory, x_refsource_hp): http://marc.info/?l=bugtraq&m=143290522027658&w=2
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/58962
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/60938
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/60684
Vendor Advisory (x_refsource_confirm): https://support.citrix.com/article/CTX216642
Various Sources (x_refsource_confirm): https://techzone.ergon.ch/CVE-2014-3511
Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2014:158
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/61139
Various Sources (x_refsource_confirm): http://www-01.ibm.com/support/docview.wss?uid=swg21682293
Various Sources (x_refsource_confirm): http://www-01.ibm.com/support/docview.wss?uid=swg21683389
Various Sources (x_refsource_confirm): http://www-01.ibm.com/support/docview.wss?uid=swg21686997

Scores

EPSS 0.1297
EPSS Percentile 94.2%

Details

CWE
CWE-362
Status published
Products (23)
openssl/openssl 1.0.0 (6 CPE variants)
openssl/openssl 1.0.0a
openssl/openssl 1.0.0b
openssl/openssl 1.0.0c
openssl/openssl 1.0.0d
openssl/openssl 1.0.0e
openssl/openssl 1.0.0f
openssl/openssl 1.0.0g
openssl/openssl 1.0.0h
openssl/openssl 1.0.0i
... and 13 more
Published Aug 13, 2014
Tracked Since Feb 18, 2026