U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2014-8275 Detail

Description

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679 CERT/CC, CVE
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html CERT/CC, CVE
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html CERT/CC, CVE
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html CERT/CC, CVE
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html CERT/CC, CVE
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html CERT/CC, CVE
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html CERT/CC, CVE
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html CERT/CC, CVE
http://marc.info/?l=bugtraq&m=142496179803395&w=2 CERT/CC, CVE
http://marc.info/?l=bugtraq&m=142496289803847&w=2 CERT/CC, CVE
http://marc.info/?l=bugtraq&m=142720981827617&w=2 CERT/CC, CVE
http://marc.info/?l=bugtraq&m=142721102728110&w=2 CERT/CC, CVE
http://marc.info/?l=bugtraq&m=142895206924048&w=2 CERT/CC, CVE
http://marc.info/?l=bugtraq&m=143748090628601&w=2 CERT/CC, CVE
http://marc.info/?l=bugtraq&m=144050155601375&w=2 CERT/CC, CVE
http://marc.info/?l=bugtraq&m=144050205101530&w=2 CERT/CC, CVE
http://marc.info/?l=bugtraq&m=144050254401665&w=2 CERT/CC, CVE
http://marc.info/?l=bugtraq&m=144050297101809&w=2 CERT/CC, CVE
http://rhn.redhat.com/errata/RHSA-2015-0066.html CERT/CC, CVE
http://rhn.redhat.com/errata/RHSA-2015-0800.html CERT/CC, CVE
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl CERT/CC, CVE
http://www.debian.org/security/2015/dsa-3125 CERT/CC, CVE
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019 CERT/CC, CVE
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 CERT/CC, CVE
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html CERT/CC, CVE
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CERT/CC, CVE
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html CERT/CC, CVE
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html CERT/CC, CVE
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html CERT/CC, CVE
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html CERT/CC, CVE
http://www.securityfocus.com/bid/71935 CERT/CC, CVE
http://www.securitytracker.com/id/1033378 CERT/CC, CVE
https://bto.bluecoat.com/security-advisory/sa88 CERT/CC, CVE
https://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3e CERT/CC, CVE
https://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811b CERT/CC, CVE
https://kc.mcafee.com/corporate/index?page=content&id=SB10102 CERT/CC, CVE
https://kc.mcafee.com/corporate/index?page=content&id=SB10108 CERT/CC, CVE
https://support.apple.com/HT204659 CERT/CC, CVE
https://support.citrix.com/article/CTX216642 CERT/CC, CVE
https://www.openssl.org/news/secadv_20150108.txt CERT/CC, CVE Vendor Advisory 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-310 Cryptographic Issues cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

26 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2014-8275
NVD Published Date:
01/08/2015
NVD Last Modified:
04/12/2025
Source:
CERT/CC