National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2014-0198 Detail

Description

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

Source:  MITRE      Last Modified:  05/06/2014

Evaluator Description

CWE-476: NULL Pointer Dereference

Quick Info

CVE Dictionary Entry:
CVE-2014-0198
Original release date:
05/06/2014
Last revised:
11/14/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
4.3 MEDIUM
Vector:
(AV:N/AC:M/Au:N/C:N/I:N/A:P) (legend)
Impact Subscore:
2.9
Exploitability Subscore:
8.6
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Medium
Authentication:
Not required to exploit
Impact Type:
Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://advisories.mageia.org/MGASA-2014-0204.html External Source CONFIRM http://advisories.mageia.org/MGASA-2014-0204.html
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc External Source CONFIRM http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 External Source CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 External Source CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html External Source FEDORA FEDORA-2014-9301
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html External Source FEDORA FEDORA-2014-9308
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html External Source SUSE SUSE-SU-2015:0743
http://lists.opensuse.org/opensuse-updates/2014-05/msg00036.html External Source SUSE openSUSE-SU-2014:0634
http://lists.opensuse.org/opensuse-updates/2014-05/msg00037.html External Source SUSE openSUSE-SU-2014:0635
http://marc.info/?l=bugtraq&m=140389274407904&w=2 External Source HP HPSBMU03057
http://marc.info/?l=bugtraq&m=140389355508263&w=2 External Source HP HPSBMU03056
http://marc.info/?l=bugtraq&m=140431828824371&w=2 External Source HP HPSBMU03055
http://marc.info/?l=bugtraq&m=140448122410568&w=2 External Source HP HPSBMU03051
http://marc.info/?l=bugtraq&m=140544599631400&w=2 External Source HP HPSBGN03068
http://marc.info/?l=bugtraq&m=140621259019789&w=2 External Source HP HPSBMU03074
http://marc.info/?l=bugtraq&m=140752315422991&w=2 External Source HP HPSBMU03062
http://marc.info/?l=bugtraq&m=140904544427729&w=2 External Source HP HPSBMU03076
http://marc.info/?l=bugtraq&m=141658880509699&w=2 External Source HP HPSBHF03052
http://puppetlabs.com/security/cve/cve-2014-0198 External Source CONFIRM http://puppetlabs.com/security/cve/cve-2014-0198
http://seclists.org/fulldisclosure/2014/Dec/23 External Source FULLDISC 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://secunia.com/advisories/58337 External Source SECUNIA 58337
http://secunia.com/advisories/58667 External Source SECUNIA 58667
http://secunia.com/advisories/58713 External Source SECUNIA 58713
http://secunia.com/advisories/58714 External Source SECUNIA 58714
http://secunia.com/advisories/58945 External Source SECUNIA 58945
http://secunia.com/advisories/58977 External Source SECUNIA 58977
http://secunia.com/advisories/59163 External Source SECUNIA 59163
http://secunia.com/advisories/59190 External Source SECUNIA 59190
http://secunia.com/advisories/59202 External Source SECUNIA 59202
http://secunia.com/advisories/59264 External Source SECUNIA 59264
http://secunia.com/advisories/59282 External Source SECUNIA 59282
http://secunia.com/advisories/59284 External Source SECUNIA 59284
http://secunia.com/advisories/59287 External Source SECUNIA 59287
http://secunia.com/advisories/59306 External Source SECUNIA 59306
http://secunia.com/advisories/59310 External Source SECUNIA 59310
http://secunia.com/advisories/59374 External Source SECUNIA 59374
http://secunia.com/advisories/59398 External Source SECUNIA 59398
http://secunia.com/advisories/59437 External Source SECUNIA 59437
http://secunia.com/advisories/59440 External Source SECUNIA 59440
http://secunia.com/advisories/59449 External Source SECUNIA 59449
http://secunia.com/advisories/59525 External Source SECUNIA 59525
http://secunia.com/advisories/59529 External Source SECUNIA 59529
http://secunia.com/advisories/61254 External Source SECUNIA 61254
http://security.gentoo.org/glsa/glsa-201407-05.xml External Source GENTOO GLSA-201407-05
http://support.citrix.com/article/CTX140876 External Source CONFIRM http://support.citrix.com/article/CTX140876
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.html External Source CONFIRM http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl External Source CISCO 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://www.blackberry.com/btsc/KB36051 External Source CONFIRM http://www.blackberry.com/btsc/KB36051
http://www.debian.org/security/2014/dsa-2931 External Source DEBIAN DSA-2931
http://www.fortiguard.com/advisory/FG-IR-14-018/ External Source CONFIRM http://www.fortiguard.com/advisory/FG-IR-14-018/
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm External Source CONFIRM http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
http://www.ibm.com/support/docview.wss?uid=swg21676356 External Source CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21676356
http://www.ibm.com/support/docview.wss?uid=swg24037783 External Source CONFIRM http://www.ibm.com/support/docview.wss?uid=swg24037783
http://www.mandriva.com/security/advisories?name=MDVSA-2014:080 External Source MANDRIVA MDVSA-2014:080
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 External Source MANDRIVA MDVSA-2015:062
http://www.openbsd.org/errata55.html#005_openssl External Source OPENBSD [5.5] 005: RELIABILITY FIX: May 1, 2014
http://www.openssl.org/news/secadv_20140605.txt External Source CONFIRM http://www.openssl.org/news/secadv_20140605.txt
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded External Source BUGTRAQ 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://www.securityfocus.com/bid/67193 External Source BID 67193
http://www.vmware.com/security/advisories/VMSA-2014-0006.html External Source CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0006.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html External Source CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163
http://www-01.ibm.com/support/docview.wss?uid=swg21673137 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21673137
http://www-01.ibm.com/support/docview.wss?uid=swg21676035 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676035
http://www-01.ibm.com/support/docview.wss?uid=swg21676062 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676062
http://www-01.ibm.com/support/docview.wss?uid=swg21676419 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676419
http://www-01.ibm.com/support/docview.wss?uid=swg21676529 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676529
http://www-01.ibm.com/support/docview.wss?uid=swg21676655 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676655
http://www-01.ibm.com/support/docview.wss?uid=swg21676879 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676879
http://www-01.ibm.com/support/docview.wss?uid=swg21676889 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676889
http://www-01.ibm.com/support/docview.wss?uid=swg21677527 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677527
http://www-01.ibm.com/support/docview.wss?uid=swg21677695 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677695
http://www-01.ibm.com/support/docview.wss?uid=swg21677828 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677828
http://www-01.ibm.com/support/docview.wss?uid=swg21677836 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677836
http://www-01.ibm.com/support/docview.wss?uid=swg21678167 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21678167
http://www-01.ibm.com/support/docview.wss?uid=swg21683332 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21683332
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754 External Source CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755 External Source CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756 External Source CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757 External Source CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
https://bugzilla.redhat.com/show_bug.cgi?id=1093837 External Source CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1093837
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
https://kb.bluecoat.com/index?page=content&id=SA80 External Source CONFIRM https://kb.bluecoat.com/index?page=content&id=SA80
https://kc.mcafee.com/corporate/index?page=content&id=SB10075 External Source CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10075
https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321 External Source CONFIRM https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321
https://www.novell.com/support/kb/doc.php?id=7015271 External Source CONFIRM https://www.novell.com/support/kb/doc.php?id=7015271

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
OR
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History 14 change records found - show changes