CVE-2014-3508 — Sensitive Information Exposure in Openssl

CWE-200 — Sensitive Information Exposure16 documents9 sources

Severity

9.8CRITICALNVD

NVD4.3OSV5.0OSV4.3

EPSS

3.1%

top 13.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Openbsd Libressl Debian Openssl +2 more

Timeline

PublishedAug 13

Latest updateMay 24

Description

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages7 packages

▶debiandebian/openssl< openssl 1.0.1i-1 (bookworm)

▶Debianopenssl/openssl< 1.0.1i-1+3

▶Ubuntuopenssl/openssl< 1.0.1f-1ubuntu2.5

▶NVDopenssl/openssl50 versions+49

▶NVDopenbsd/libressl< 2.3.1

🔴Vulnerability Details

GHSA

GHSA-6q9j-c3rh-x87m: Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2↗2022-05-24

▶

GHSA

GHSA-5fxv-32q4-g2fh: The OBJ_obj2txt function in crypto/objects/obj_dat↗2022-05-17

▶

OSV

CVE-2014-3508: The OBJ_obj2txt function in crypto/objects/obj_dat↗2014-08-13

▶

OSV

openssl vulnerabilities↗2014-08-07

▶

📋Vendor Advisories

BSD

FreeBSD-SA-14:18.openssl: OpenSSL multiple vulnerabilities↗2014-09-09

▶

Ubuntu

OpenSSL vulnerabilities↗2014-08-07

▶

Red Hat

openssl: information leak in pretty printing functions↗2014-08-06

▶

Debian

CVE-2014-3508: openssl - The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9...↗2014

▶

🕵️Threat Intelligence

Tenable

[R4] Tenable Products Affected by OpenSSL Protocol Downgrade Vulnerability↗2014-08-21

▶

💬Community

Bugzilla

CVE-2014-3505 CVE-2014-3506 CVE-2014-3510 CVE-2014-3508 mingw32-openssl: various flaws [epel-5]↗2014-08-07

▶

Bugzilla

CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 mingw-openssl: various flaws [epel-7]↗2014-08-07

▶

Bugzilla

CVE-2014-3508 openssl: information leak in pretty printing functions↗2014-08-07

▶

Bugzilla

CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 mingw-openssl: various flaws [fedora-all]↗2014-08-07

▶

Bugzilla

CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 openssl: various flaws [fedora-all]↗2014-08-07

▶