CVE-2014-3470
published 2014-06-05
medium 4.3 CVSS 3.1
AV:N/AC:M/Au:N/C:N/I:N/A:P
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | products | — | — |
| debian | openssl | < openssl 1.0.1h-1 (bookworm) | openssl 1.0.1h-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| mariadb | mariadb | >= 10.0.0 < 10.0.13 | 10.0.13 |
| openssl | openssl | < 0.9.8za | 0.9.8za |
| openssl | openssl | >= 0 < 1.0.1h-1 | 1.0.1h-1 |
| openssl | openssl | >= 0 < 1.0.1h-1 | 1.0.1h-1 |
| openssl | openssl | >= 0 < 1.0.1h-1 | 1.0.1h-1 |
| openssl | openssl | >= 0 < 1.0.1h-1 | 1.0.1h-1 |
| openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.3 | 1.0.1f-1ubuntu2.3 |
| openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.4 | 1.0.1f-1ubuntu2.4 |
| openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.2 | 1.0.1f-1ubuntu2.2 |
| openssl | openssl | >= 1.0.0 < 1.0.0m | 1.0.0m |
| openssl | openssl | >= 1.0.1 < 1.0.1h | 1.0.1h |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | storage | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
| suse | linux_enterprise_workstation_extension | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | 6.8 | MEDIUM | — |