CVE-2014-0198
published 2014-05-06
medium 4.3 CVSS 3.1
AV:N/AC:M/Au:N/C:N/I:N/A:P
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | products | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | openssl | < openssl 1.0.1g-4 (bookworm) | openssl 1.0.1g-4 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| mariadb | mariadb | >= 10.0.0 < 10.0.13 | 10.0.13 |
| openssl | openssl | >= 0 < 1.0.1g-4 | 1.0.1g-4 |
| openssl | openssl | >= 0 < 1.0.1g-4 | 1.0.1g-4 |
| openssl | openssl | >= 0 < 1.0.1g-4 | 1.0.1g-4 |
| openssl | openssl | >= 0 < 1.0.1g-4 | 1.0.1g-4 |
| openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.1 | 1.0.1f-1ubuntu2.1 |
| openssl | openssl | 1.0.0 – 1.0.1g | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
| suse | linux_enterprise_workstation_extension | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | 4.3 | MEDIUM | — |