CVE-2014-3510 — NULL Pointer Dereference in Openssl
Severity
4.3MEDIUMNVD
OSV5.0
EPSS
14.8%
top 5.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 13
Latest updateMay 17
Description
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.
CVSS vector
AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9
Affected Packages4 packages
🔴Vulnerability Details
3📋Vendor Advisories
4Debian▶
CVE-2014-3510: openssl - The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before ...↗2014
🕵️Threat Intelligence
1💬Community
5Bugzilla▶
CVE-2014-3505 CVE-2014-3506 CVE-2014-3510 CVE-2014-3508 mingw32-openssl: various flaws [epel-5]↗2014-08-07
Bugzilla▶
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 mingw-openssl: various flaws [epel-7]↗2014-08-07
Bugzilla▶
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 mingw-openssl: various flaws [fedora-all]↗2014-08-07
Bugzilla▶
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 openssl: various flaws [fedora-all]↗2014-08-07