CVE-2014-3505 — Operation on a Resource after Expiration or Release in Openssl
Severity
5.0MEDIUMNVD
EPSS
46.9%
top 2.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 13
Latest updateMay 17
Description
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.
CVSS vector
AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9
Affected Packages4 packages
🔴Vulnerability Details
3📋Vendor Advisories
3🕵️Threat Intelligence
1💬Community
5Bugzilla▶
CVE-2014-3505 CVE-2014-3506 CVE-2014-3510 CVE-2014-3508 mingw32-openssl: various flaws [epel-5]↗2014-08-07
Bugzilla▶
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 mingw-openssl: various flaws [epel-7]↗2014-08-07
Bugzilla▶
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 mingw-openssl: various flaws [fedora-all]↗2014-08-07
Bugzilla▶
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 openssl: various flaws [fedora-all]↗2014-08-07