U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

  1. Vulnerabilities

CVE-2014-0198 Detail

Current Description

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.


View Analysis Description

Evaluator Description

CWE-476: NULL Pointer Dereference

Severity



CVSS 3.x Severity and Metrics:

NIST CVSS score
NIST: NVD
Base Score:  N/A
NVD score not yet provided.


NVD Analysts use publicly available information to associate vector strings and CVSS scores. We also display any CVSS information provided within the CVE List from the CNA.

Note: NVD Analysts have not published a CVSS score for this CVE at this time. NVD Analysts use publicly available information at the time of analysis to associate CVSS vector strings.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://advisories.mageia.org/MGASA-2014-0204.html
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00036.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00037.html
http://marc.info/?l=bugtraq&m=140389274407904&w=2
http://marc.info/?l=bugtraq&m=140389355508263&w=2
http://marc.info/?l=bugtraq&m=140431828824371&w=2
http://marc.info/?l=bugtraq&m=140448122410568&w=2
http://marc.info/?l=bugtraq&m=140544599631400&w=2
http://marc.info/?l=bugtraq&m=140621259019789&w=2
http://marc.info/?l=bugtraq&m=140752315422991&w=2
http://marc.info/?l=bugtraq&m=140904544427729&w=2
http://marc.info/?l=bugtraq&m=141658880509699&w=2
http://puppetlabs.com/security/cve/cve-2014-0198
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/58337
http://secunia.com/advisories/58667
http://secunia.com/advisories/58713
http://secunia.com/advisories/58714
http://secunia.com/advisories/58945
http://secunia.com/advisories/58977
http://secunia.com/advisories/59163
http://secunia.com/advisories/59190
http://secunia.com/advisories/59202
http://secunia.com/advisories/59264
http://secunia.com/advisories/59282
http://secunia.com/advisories/59284
http://secunia.com/advisories/59287
http://secunia.com/advisories/59306
http://secunia.com/advisories/59310
http://secunia.com/advisories/59374
http://secunia.com/advisories/59398
http://secunia.com/advisories/59437
http://secunia.com/advisories/59440
http://secunia.com/advisories/59449
http://secunia.com/advisories/59525
http://secunia.com/advisories/59529
http://secunia.com/advisories/61254
http://security.gentoo.org/glsa/glsa-201407-05.xml
http://support.citrix.com/article/CTX140876
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163
http://www-01.ibm.com/support/docview.wss?uid=swg21673137
http://www-01.ibm.com/support/docview.wss?uid=swg21676035
http://www-01.ibm.com/support/docview.wss?uid=swg21676062
http://www-01.ibm.com/support/docview.wss?uid=swg21676419
http://www-01.ibm.com/support/docview.wss?uid=swg21676529
http://www-01.ibm.com/support/docview.wss?uid=swg21676655
http://www-01.ibm.com/support/docview.wss?uid=swg21676879
http://www-01.ibm.com/support/docview.wss?uid=swg21676889
http://www-01.ibm.com/support/docview.wss?uid=swg21677527
http://www-01.ibm.com/support/docview.wss?uid=swg21677695
http://www-01.ibm.com/support/docview.wss?uid=swg21677828
http://www-01.ibm.com/support/docview.wss?uid=swg21677836
http://www-01.ibm.com/support/docview.wss?uid=swg21678167
http://www-01.ibm.com/support/docview.wss?uid=swg21683332
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
http://www.blackberry.com/btsc/KB36051
http://www.debian.org/security/2014/dsa-2931
http://www.fortiguard.com/advisory/FG-IR-14-018/
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
http://www.ibm.com/support/docview.wss?uid=swg21676356
http://www.ibm.com/support/docview.wss?uid=swg24037783
http://www.mandriva.com/security/advisories?name=MDVSA-2014:080
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.openbsd.org/errata55.html#005_openssl
http://www.openssl.org/news/secadv_20140605.txt
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/67193
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=1093837
https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
https://kb.bluecoat.com/index?page=content&id=SA80
https://kc.mcafee.com/corporate/index?page=content&id=SB10075
https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321
https://www.novell.com/support/kb/doc.php?id=7015271

Weakness Enumeration

CWE-ID CWE Name Source
NVD-CWE-Other Other cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

16 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2014-0198
NVD Published Date:
05/06/2014
NVD Last Modified:
10/09/2018
Source:
Red Hat, Inc.