CVE-2014-3506 — Missing Authorization in Openssl
CWE-399CWE-862 — Missing AuthorizationCWE-400 — Uncontrolled Resource Consumption14 documents9 sources
Severity
5.0MEDIUMNVD
EPSS
51.7%
top 2.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 13
Latest updateMay 17
Description
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.
CVSS vector
AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9
Affected Packages4 packages
🔴Vulnerability Details
3📋Vendor Advisories
4🕵️Threat Intelligence
1💬Community
5Bugzilla▶
CVE-2014-3505 CVE-2014-3506 CVE-2014-3510 CVE-2014-3508 mingw32-openssl: various flaws [epel-5]↗2014-08-07
Bugzilla▶
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 mingw-openssl: various flaws [epel-7]↗2014-08-07
Bugzilla▶
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 mingw-openssl: various flaws [fedora-all]↗2014-08-07
Bugzilla▶
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 openssl: various flaws [fedora-all]↗2014-08-07