National Vulnerability Database

CVE-2014-3470 Detail

Description

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

Source: MITRE
Last Modified: 06/05/2014

Evaluator Description

Per: http://cwe.mitre.org/data/definitions/476.html "CWE-476: NULL Pointer Dereference"

Quick Info

CVE Dictionary Entry: CVE-2014-3470
Original release date: 06/05/2014
Last revised: 11/14/2017
Source: US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Impact Subscore: 2.9
Exploitability Subscore: 8.6

CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows disruption of service

References to Advisories, Solutions, and Tools

Hyperlink Resource Type Source Name
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc External Source CONFIRM http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 External Source CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 External Source CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html External Source FEDORA FEDORA-2014-9301
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html External Source FEDORA FEDORA-2014-9308
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html External Source SUSE SUSE-SU-2015:0578
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html External Source SUSE SUSE-SU-2015:0743
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html External Source SUSE openSUSE-SU-2016:0640
http://marc.info/?l=bugtraq&m=140266410314613&w=2 External Source HP SSRT101590
http://marc.info/?l=bugtraq&m=140317760000786&w=2 External Source HP HPSBOV03047
http://marc.info/?l=bugtraq&m=140389274407904&w=2 External Source HP HPSBMU03057
http://marc.info/?l=bugtraq&m=140389355508263&w=2 External Source HP HPSBMU03056
http://marc.info/?l=bugtraq&m=140431828824371&w=2 External Source HP HPSBMU03055
http://marc.info/?l=bugtraq&m=140448122410568&w=2 External Source HP HPSBMU03051
http://marc.info/?l=bugtraq&m=140482916501310&w=2 External Source HP HPSBGN03050
http://marc.info/?l=bugtraq&m=140491231331543&w=2 External Source HP HPSBMU03065
http://marc.info/?l=bugtraq&m=140499827729550&w=2 External Source HP HPSBMU03069
http://marc.info/?l=bugtraq&m=140621259019789&w=2 External Source HP HPSBMU03074
http://marc.info/?l=bugtraq&m=140752315422991&w=2 External Source HP HPSBMU03062
http://marc.info/?l=bugtraq&m=140904544427729&w=2 External Source HP HPSBMU03076
http://seclists.org/fulldisclosure/2014/Dec/23 External Source FULLDISC 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://secunia.com/advisories/58337 External Source SECUNIA 58337
http://secunia.com/advisories/58615 External Source SECUNIA 58615
http://secunia.com/advisories/58667 External Source SECUNIA 58667
http://secunia.com/advisories/58713 External Source SECUNIA 58713
http://secunia.com/advisories/58714 External Source SECUNIA 58714
http://secunia.com/advisories/58716 External Source SECUNIA 58716
http://secunia.com/advisories/58742 External Source SECUNIA 58742
http://secunia.com/advisories/58945 External Source SECUNIA 58945
http://secunia.com/advisories/58977 External Source SECUNIA 58977
http://secunia.com/advisories/59167 External Source SECUNIA 59167
http://secunia.com/advisories/59175 External Source SECUNIA 59175
http://secunia.com/advisories/59189 External Source SECUNIA 59189
http://secunia.com/advisories/59192 External Source SECUNIA 59192
http://secunia.com/advisories/59223 External Source SECUNIA 59223
http://secunia.com/advisories/59264 External Source SECUNIA 59264
http://secunia.com/advisories/59282 External Source SECUNIA 59282
http://secunia.com/advisories/59284 External Source SECUNIA 59284
http://secunia.com/advisories/59287 External Source SECUNIA 59287
http://secunia.com/advisories/59306 External Source SECUNIA 59306
http://secunia.com/advisories/59310 External Source SECUNIA 59310
http://secunia.com/advisories/59340 External Source SECUNIA 59340
http://secunia.com/advisories/59362 External Source SECUNIA 59362
http://secunia.com/advisories/59364 External Source SECUNIA 59364
http://secunia.com/advisories/59365 External Source SECUNIA 59365
http://secunia.com/advisories/59431 External Source SECUNIA 59431
http://secunia.com/advisories/59437 External Source SECUNIA 59437
http://secunia.com/advisories/59440 External Source SECUNIA 59440
http://secunia.com/advisories/59441 External Source SECUNIA 59441
http://secunia.com/advisories/59445 External Source SECUNIA 59445
http://secunia.com/advisories/59449 External Source SECUNIA 59449
http://secunia.com/advisories/59460 External Source SECUNIA 59460
http://secunia.com/advisories/59483 External Source SECUNIA 59483
http://secunia.com/advisories/59518 External Source SECUNIA 59518
http://secunia.com/advisories/59525 External Source SECUNIA 59525
http://secunia.com/advisories/61254 External Source SECUNIA 61254
http://security.gentoo.org/glsa/glsa-201407-05.xml External Source GENTOO GLSA-201407-05
http://support.apple.com/kb/HT6443 External Source CONFIRM http://support.apple.com/kb/HT6443
http://support.citrix.com/article/CTX140876 External Source CONFIRM http://support.citrix.com/article/CTX140876
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15342.html External Source CONFIRM http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15342.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl External Source CISCO 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://www.blackberry.com/btsc/KB36051 External Source CONFIRM http://www.blackberry.com/btsc/KB36051
http://www.f-secure.com/en/web/labs_global/fsc-2014-6 External Source CONFIRM http://www.f-secure.com/en/web/labs_global/fsc-2014-6
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm External Source CONFIRM http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
http://www.ibm.com/support/docview.wss?uid=swg21676356 External Source CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21676356
http://www.ibm.com/support/docview.wss?uid=swg21676793 External Source CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21676793
http://www.ibm.com/support/docview.wss?uid=swg24037783 External Source CONFIRM http://www.ibm.com/support/docview.wss?uid=swg24037783
http://www.mandriva.com/security/advisories?name=MDVSA-2014:105 External Source MANDRIVA MDVSA-2014:105
http://www.mandriva.com/security/advisories?name=MDVSA-2014:106 External Source MANDRIVA MDVSA-2014:106
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 External Source MANDRIVA MDVSA-2015:062
http://www.novell.com/support/kb/doc.php?id=7015264 External Source CONFIRM http://www.novell.com/support/kb/doc.php?id=7015264
http://www.novell.com/support/kb/doc.php?id=7015300 External Source CONFIRM http://www.novell.com/support/kb/doc.php?id=7015300
http://www.openssl.org/news/secadv_20140605.txt Vendor Advisory External Source CONFIRM http://www.openssl.org/news/secadv_20140605.txt
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded External Source BUGTRAQ 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://www.securityfocus.com/bid/67898 External Source BID 67898
http://www.splunk.com/view/SP-CAAAM2D External Source CONFIRM http://www.splunk.com/view/SP-CAAAM2D
http://www.vmware.com/security/advisories/VMSA-2014-0006.html External Source CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0006.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html External Source CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www-01.ibm.com/support/docview.wss?uid=isg400001841 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www-01.ibm.com/support/docview.wss?uid=isg400001843 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163
http://www-01.ibm.com/support/docview.wss?uid=swg21673137 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21673137
http://www-01.ibm.com/support/docview.wss?uid=swg21675626 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21675626
http://www-01.ibm.com/support/docview.wss?uid=swg21675821 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21675821
http://www-01.ibm.com/support/docview.wss?uid=swg21676035 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676035
http://www-01.ibm.com/support/docview.wss?uid=swg21676062 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676062
http://www-01.ibm.com/support/docview.wss?uid=swg21676071 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676071
http://www-01.ibm.com/support/docview.wss?uid=swg21676419 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676419
http://www-01.ibm.com/support/docview.wss?uid=swg21676496 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676496
http://www-01.ibm.com/support/docview.wss?uid=swg21676501 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676501
http://www-01.ibm.com/support/docview.wss?uid=swg21676529 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676529
http://www-01.ibm.com/support/docview.wss?uid=swg21676615 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676615
http://www-01.ibm.com/support/docview.wss?uid=swg21676655 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676655
http://www-01.ibm.com/support/docview.wss?uid=swg21676879 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676879
http://www-01.ibm.com/support/docview.wss?uid=swg21676889 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676889
http://www-01.ibm.com/support/docview.wss?uid=swg21677527 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677527
http://www-01.ibm.com/support/docview.wss?uid=swg21677695 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677695
http://www-01.ibm.com/support/docview.wss?uid=swg21677828 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677828
http://www-01.ibm.com/support/docview.wss?uid=swg21677836 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677836
http://www-01.ibm.com/support/docview.wss?uid=swg21678167 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21678167
http://www-01.ibm.com/support/docview.wss?uid=swg21678289 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21678289
http://www-01.ibm.com/support/docview.wss?uid=swg21683332 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21683332
http://www-01.ibm.com/support/docview.wss?uid=swg24037761 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg24037761
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E External Source CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E External Source CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754 External Source CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755 External Source CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756 External Source CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757 External Source CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
https://bugzilla.redhat.com/show_bug.cgi?id=1103600 External Source CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1103600
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8011cd56e39a433b1837465259a9bd24a38727fb Patch External Source CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8011cd56e39a433b1837465259a9bd24a38727fb
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
https://kb.bluecoat.com/index?page=content&id=SA80 External Source CONFIRM https://kb.bluecoat.com/index?page=content&id=SA80
https://kc.mcafee.com/corporate/index?page=content&id=SB10075 External Source CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10075
https://www.novell.com/support/kb/doc.php?id=7015271 External Source CONFIRM https://www.novell.com/support/kb/doc.php?id=7015271

Technical Details

Vulnerability Type

Vulnerable software and versions

Configuration 1
OR
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
Configuration 3
OR
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*    versions up to (including) 0.9.8y
Configuration 4
OR
cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
