Description: OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.
CVSS vector: AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9
Confidentiality: None
Availability: None
Affected Packages: 10 packages
Vulnerability Details (4)
GHSA GHSA-66cr-qxrv-fpg2: The ssl23_get_client_hello function in s23_srvr (2022-05-17)
GHSA GHSA-3873-898q-6f32: OpenSSL before 0 (2022-05-17)
OSV CVE-2014-3569: The ssl23_get_client_hello function in s23_srvr (2014-12-24)
OSV CVE-2014-3568: OpenSSL before 0 (2014-10-19)
Vendor Advisories (8)
VMware: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues (2015-01-27)
BSD: FreeBSD-SA-14:23.openssl: OpenSSL multiple vulnerabilities (2014-10-21)
Red Hat: openssl: denial of service in ssl23_get_client_hello function (2014-10-21)
Red Hat: openssl: Build option no-ssl3 is incomplete (2014-10-15)
Debian: CVE-2014-3569: openssl - The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, an... (2014)
Threat Intelligence (1)
Tenable: [R7] OpenSSL '20141015' Advisory Affects Tenable Products (2014-11-07)
Community (2)
Bugzilla: CVE-2014-3569 openssl: denial of service in ssl23_get_client_hello function (2014-12-25)
Bugzilla: CVE-2014-3568 openssl: Build option no-ssl3 is incomplete (2014-10-15)