CVE-2014-8176

OpenSSL < 0.9.8za, 1.0.0 < 1.0.0m, 1.0.1 < 1.0.1h - Denial of Service via DTLS ChangeCipherSpec Handling

Title source: llm
STIX 2.1

Description

The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.

References (21)

Core 21
Core References
Third Party Advisory vendor-advisory
http://www.debian.org/security/2015/dsa-3287
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1032564
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/75159
Vendor Advisory vendor-advisory
http://www.ubuntu.com/usn/USN-2639-1
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/201506-02
Vendor Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1115.html
Vendor Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.html

Scores

EPSS 0.2156
EPSS Percentile 95.8%

Details

CWE
CWE-119
Status published
Products (22)
openssl/openssl 1.0.0 (6 CPE variants)
openssl/openssl 1.0.0a
openssl/openssl 1.0.0b
openssl/openssl 1.0.0c
openssl/openssl 1.0.0d
openssl/openssl 1.0.0e
openssl/openssl 1.0.0f
openssl/openssl 1.0.0g
openssl/openssl 1.0.0h
openssl/openssl 1.0.0i
... and 12 more
Published Jun 12, 2015
Tracked Since Feb 18, 2026