CVE-2014-3512Improper Restriction of Operations within the Bounds of a Memory Buffer in Openssl

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents11 sources
Severity
7.5HIGHNVD
OSV5.0
EPSS
44.2%
top 2.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
OpensslDebian OpensslPaloalto Cortex XDR
Timeline
PublishedAug 13
Latest updateNov 7

Description

Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

debiandebian/openssl< openssl 1.0.1i-1 (bookworm)
Debianopenssl/openssl< 1.0.1i-1+3
Ubuntuopenssl/openssl< 1.0.1f-1ubuntu2.5
NVDopenssl/openssl23 versions+22

🔴Vulnerability Details

3
GHSA
GHSA-gp83-w673-qcx5: Multiple buffer overflows in crypto/srp/srp_lib2022-05-17
OSV
CVE-2014-3512: Multiple buffer overflows in crypto/srp/srp_lib2014-08-13
OSV
openssl vulnerabilities2014-08-07

📋Vendor Advisories

5
Palo Alto
PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent2024-11-07
BSD
FreeBSD-SA-14:18.openssl: OpenSSL multiple vulnerabilities2014-09-09
Ubuntu
OpenSSL vulnerabilities2014-08-07
Red Hat
openssl: SRP buffer overrun2014-08-06
Debian
CVE-2014-3512: openssl - Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in O...2014

🕵️Threat Intelligence

1
Tenable
[R4] Tenable Products Affected by OpenSSL Protocol Downgrade Vulnerability2014-08-21

📄Research Papers

2
arXiv
Finding Security Vulnerabilities in IoT Cryptographic Protocol and Concurrent Implementations2021-04-27
arXiv
Server-side verification of client behavior in cryptographic protocols2016-03-13

💬Community

1
Bugzilla
CVE-2014-3512 openssl: SRP buffer overrun2014-08-07