CVE-2014-3511
published 2014-08-13CVE-2014-3511: The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering…
PriorityP427medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
13.33%
95.9th percentile
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 1.0.1i-1 (bookworm) | openssl 1.0.1i-1 (bookworm) |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 1.0.1i-1 | 1.0.1i-1 |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv5.0MEDIUM
vendor_ubuntu5.0MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xfjr-6mmm-7hc7: The ssl23_get_client_hello function in s23_srvr
ghsa_unreviewed·2022-05-17
CVE-2014-3511 [MEDIUM] GHSA-xfjr-6mmm-7hc7: The ssl23_get_client_hello function in s23_srvr
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.
OSV
CVE-2014-3511: The ssl23_get_client_hello function in s23_srvr
osv·2014-08-13·CVSS 4.3
CVE-2014-3511 [MEDIUM] CVE-2014-3511: The ssl23_get_client_hello function in s23_srvr
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.
OSV
openssl vulnerabilities
osv·2014-08-07·CVSS 5.0
CVE-2014-3505 [MEDIUM] openssl vulnerabilities
openssl vulnerabilities
Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled
certain DTLS packets. A remote attacker could use this issue to cause
OpenSSL to crash, resulting in a denial of service. (CVE-2014-3505)
Adam Langley discovered that OpenSSL incorrectly handled memory when
processing DTLS handshake messages. A remote attacker could use this issue
to cause OpenSSL to consume memory, resulting in a denial of service.
(CVE-2014-3506)
Adam Langley discovered that OpenSSL incorrectly handled memory when
processing DTLS fragments. A remote attacker could use this issue to cause
OpenSSL to leak memory, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3507)
Ivan Fratric discovered that OpenSSL incorrectl
BSD
FreeBSD-SA-14:18.openssl: OpenSSL multiple vulnerabilities
bsd_advisories·2014-09-09·CVSS 5.0
CVE-2014-3506 [MEDIUM] FreeBSD-SA-14:18.openssl: OpenSSL multiple vulnerabilities
FreeBSD-SA-14:18.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Module: openssl
Announced: 2014-09-09
Affects: All supported versions of FreeBSD.
Corrected: 2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE)
2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8)
2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE)
2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1)
2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11)
2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18)
2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE)
2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15)
CVE Name: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510,
CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
For general information regarding FreeBSD
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2014-08-07·CVSS 5.0
CVE-2014-3505 [MEDIUM] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled
certain DTLS packets. A remote attacker could use this issue to cause
OpenSSL to crash, resulting in a denial of service. (CVE-2014-3505)
Adam Langley discovered that OpenSSL incorrectly handled memory when
processing DTLS handshake messages. A remote attacker could use this issue
to cause OpenSSL to consume memory, resulting in a denial of service.
(CVE-2014-3506)
Adam Langley discovered that OpenSSL incorrectly handled memory when
processing DTLS fragments. A remote attacker could use this issue to cause
OpenSSL to leak memory, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
Red Hat
openssl: TLS protocol downgrade attack
vendor_redhat·2014-08-06·CVSS 4.3
CVE-2014-3511 [MEDIUM] CWE-390 openssl: TLS protocol downgrade attack
openssl: TLS protocol downgrade attack
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.
A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions.
Package: openssl (Red Hat Enterprise Linux 5) - Not affected
Package: openssl097a (Red Hat Enterprise Linux 5) - Not affected
Package: openssl098e (Red Hat Enterprise Linux 6) - Not affec
Debian
CVE-2014-3511: openssl - The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i...
vendor_debian·2014·CVSS 4.3
CVE-2014-3511 [MEDIUM] CVE-2014-3511: openssl - The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i...
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.
Scope: local
bookworm: resolved (fixed in 1.0.1i-1)
bullseye: resolved (fixed in 1.0.1i-1)
forky: resolved (fixed in 1.0.1i-1)
sid: resolved (fixed in 1.0.1i-1)
trixie: resolved (fixed in 1.0.1i-1)
No detection rules found.
Bugzilla
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 mingw-openssl: various flaws [epel-7]
bugzilla·2014-08-07·CVSS 5.0
CVE-2014-3505 [MEDIUM] CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 mingw-openssl: various flaws [epel-7]
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 mingw-openssl: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7
Bugzilla
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 mingw-openssl: various flaws [fedora-all]
bugzilla·2014-08-07·CVSS 5.0
CVE-2014-3505 [MEDIUM] CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 mingw-openssl: various flaws [fedora-all]
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 mingw-openssl: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit mess
Bugzilla
CVE-2014-3511 openssl: TLS protocol downgrade attack
bugzilla·2014-08-07·CVSS 4.3
CVE-2014-3511 [MEDIUM] CVE-2014-3511 openssl: TLS protocol downgrade attack
CVE-2014-3511 openssl: TLS protocol downgrade attack
By pathologically modifying a clients ClientHello message with fragmentation, it's possible to cause the server to negotiate TLS 1.0 instead of a higher version, even if both client and server support a higher protocol version.
Discussion:
External References:
https://www.openssl.org/news/secadv_20140806.txt
---
Description below:
OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
TLS 1.0 instead of higher protocol versions when the ClientHello message is
badly fragmented. This allows a man-in-the-middle attacker to force a
downgrade to TLS 1.0 even if both the server and the client support a higher
protocol version, by modifying the client's TLS records.
Bugzilla
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 openssl: various flaws [fedora-all]
bugzilla·2014-08-07·CVSS 5.0
CVE-2014-3505 [MEDIUM] CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 openssl: various flaws [fedora-all]
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 openssl: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Tenable
[R4] Tenable Products Affected by OpenSSL Protocol Downgrade Vulnerability
blogs_tenable·2014-08-21
[R4] Tenable Products Affected by OpenSSL Protocol Downgrade Vulnerability
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.aschttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.aschttp://linux.oracle.com/errata/ELSA-2014-1052.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlhttp://lists.opensuse.org/opensuse-updates/2014-08/msg00036.htmlhttp://marc.info/?l=bugtraq&m=142350350616251&w=2http://marc.info/?l=bugtraq&m=142495837901899&w=2http://marc.info/?l=bugtraq&m=142624590206005&w=2http://marc.info/?l=bugtraq&m=142660345230545&w=2http://marc.info/?l=bugtraq&m=142791032306609&w=2http://marc.info/?l=bugtraq&m=143290437727362&w=2http://marc.info/?l=bugtraq&m=143290522027658&w=2http://rhn.redhat.com/errata/RHSA-2015-0126.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0197.htmlhttp://secunia.com/advisories/58962http://secunia.com/advisories/59700http://secunia.com/advisories/59710http://secunia.com/advisories/59756http://secunia.com/advisories/59887http://secunia.com/advisories/60022http://secunia.com/advisories/60221http://secunia.com/advisories/60377http://secunia.com/advisories/60493http://secunia.com/advisories/60684http://secunia.com/advisories/60803http://secunia.com/advisories/60810http://secunia.com/advisories/60890http://secunia.com/advisories/60917http://secunia.com/advisories/60921http://secunia.com/advisories/60938http://secunia.com/advisories/61017http://secunia.com/advisories/61043http://secunia.com/advisories/61100http://secunia.com/advisories/61139http://secunia.com/advisories/61184http://secunia.com/advisories/61775http://secunia.com/advisories/61959http://security.gentoo.org/glsa/glsa-201412-39.xmlhttp://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.htmlhttp://www-01.ibm.com/support/docview.wss?uid=nas8N1020240http://www-01.ibm.com/support/docview.wss?uid=swg21682293http://www-01.ibm.com/support/docview.wss?uid=swg21683389http://www-01.ibm.com/support/docview.wss?uid=swg21686997http://www.arubanetworks.com/support/alerts/aid-08182014.txthttp://www.debian.org/security/2014/dsa-2998http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htmhttp://www.securityfocus.com/bid/69079http://www.securitytracker.com/id/1030693http://www.splunk.com/view/SP-CAAANHShttp://www.tenable.com/security/tns-2014-06https://bugzilla.redhat.com/show_bug.cgi?id=1127504https://exchange.xforce.ibmcloud.com/vulnerabilities/95162https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=280b1f1ad12131defcd986676a8fc9717aaa601bhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380https://kc.mcafee.com/corporate/index?page=content&id=SB10084https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.htmlhttps://support.citrix.com/article/CTX216642https://techzone.ergon.ch/CVE-2014-3511https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.aschttps://www.openssl.org/news/secadv_20140806.txtftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.aschttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.aschttp://linux.oracle.com/errata/ELSA-2014-1052.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlhttp://lists.opensuse.org/opensuse-updates/2014-08/msg00036.htmlhttp://marc.info/?l=bugtraq&m=142350350616251&w=2http://marc.info/?l=bugtraq&m=142495837901899&w=2http://marc.info/?l=bugtraq&m=142624590206005&w=2http://marc.info/?l=bugtraq&m=142660345230545&w=2http://marc.info/?l=bugtraq&m=142791032306609&w=2http://marc.info/?l=bugtraq&m=143290437727362&w=2http://marc.info/?l=bugtraq&m=143290522027658&w=2http://rhn.redhat.com/errata/RHSA-2015-0126.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0197.htmlhttp://secunia.com/advisories/58962http://secunia.com/advisories/59700http://secunia.com/advisories/59710http://secunia.com/advisories/59756http://secunia.com/advisories/59887http://secunia.com/advisories/60022http://secunia.com/advisories/60221http://secunia.com/advisories/60377http://secunia.com/advisories/60493http://secunia.com/advisories/60684http://secunia.com/advisories/60803http://secunia.com/advisories/60810http://secunia.com/advisories/60890http://secunia.com/advisories/60917http://secunia.com/advisories/60921http://secunia.com/advisories/60938http://secunia.com/advisories/61017http://secunia.com/advisories/61043http://secunia.com/advisories/61100http://secunia.com/advisories/61139http://secunia.com/advisories/61184http://secunia.com/advisories/61775http://secunia.com/advisories/61959
+ 24 more references
2014-08-13
Published