CVE-2014-3513

high
Description

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc

http://advisories.mageia.org/MGASA-2014-0416.html

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc

http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html

http://marc.info/?l=bugtraq&m=142118135300698&w=2

http://marc.info/?l=bugtraq&m=142495837901899&w=2

http://marc.info/?l=bugtraq&m=142624590206005&w=2

http://marc.info/?l=bugtraq&m=142791032306609&w=2

http://marc.info/?l=bugtraq&m=142804214608580&w=2

http://marc.info/?l=bugtraq&m=142834685803386&w=2

http://marc.info/?l=bugtraq&m=143290437727362&w=2

http://marc.info/?l=bugtraq&m=143290522027658&w=2

http://marc.info/?l=bugtraq&m=143290583027876&w=2

http://rhn.redhat.com/errata/RHSA-2014-1652.html

http://rhn.redhat.com/errata/RHSA-2014-1692.html

http://secunia.com/advisories/59627

http://secunia.com/advisories/61058

http://secunia.com/advisories/61073

http://secunia.com/advisories/61207

http://secunia.com/advisories/61298

http://secunia.com/advisories/61439

http://secunia.com/advisories/61837

http://secunia.com/advisories/61959

http://secunia.com/advisories/61990

http://secunia.com/advisories/62070

http://security.gentoo.org/glsa/glsa-201412-39.xml

http://www.debian.org/security/2014/dsa-3053

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://www.securityfocus.com/bid/70584

http://www.securitytracker.com/id/1031052

http://www.ubuntu.com/usn/USN-2385-1

http://www-01.ibm.com/support/docview.wss?uid=swg21686997

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6

https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2b0532f3984324ebe1236a63d15893792384328d

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

https://kc.mcafee.com/corporate/index?page=content&id=SB10091

https://support.apple.com/HT205217

https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html

https://www.openssl.org/news/secadv_20141015.txt

Details

Source: MITRE

Published: 2014-10-19

Updated: 2017-01-03

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 86245 | Apple Xcode < 7.0 (Mac OS X) (POODLE) | Nessus | MacOS X Local Security Checks | high |
| 85181 | HP System Management Homepage < 7.2.5 / 7.4.1 Multiple Vulnerabilities (POODLE) | Nessus | Web Servers | medium |
| 83648 | SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2014:1524-1) (POODLE) | Nessus | SuSE Local Security Checks | low |
| 82315 | Mandriva Linux Security Advisory : openssl (MDVSA-2015:062) | Nessus | Mandriva Local Security Checks | high |
| 81651 | Apache Tomcat 8.0.x < 8.0.15 Multiple Vulnerabilities (POODLE) | Nessus | Web Servers | high |
| 81650 | Apache Tomcat 7.0.x < 7.0.57 Multiple Vulnerabilities (POODLE) | Nessus | Web Servers | high |
| 81649 | Apache Tomcat 6.0.x < 6.0.43 Multiple Vulnerabilities (POODLE) | Nessus | Web Servers | high |
| 81146 | VMware Security Updates for vCenter Server (VMSA-2015-0001) (POODLE) | Nessus | Misc. | medium |
| 81085 | ESXi 5.5 < Build 2352327 Multiple Vulnerabilities (remote check) (POODLE) | Nessus | Misc. | medium |
| 81079 | VMSA-2015-0001 : VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues (POODLE) | Nessus | VMware ESX Local Security Checks | low |
| 80885 | IBM General Parallel File System Multiple Vulnerabilities (Windows) (POODLE) | Nessus | Windows | medium |
| 80725 | Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl6) (POODLE) | Nessus | Solaris Local Security Checks | medium |
| 80303 | Tenable SecurityCenter Multiple DoS (TNS-2014-11) | Nessus | Misc. | high |
| 80256 | F5 Networks BIG-IP : OpenSSL DTLS SRTP Memory Leak (SOL15722) | Nessus | F5 Networks Local Security Checks | high |
| 80244 | GLSA-201412-39 : OpenSSL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 79547 | OracleVM 3.3 : openssl (OVMSA-2014-0032) (Heartbleed) (POODLE) | Nessus | OracleVM Local Security Checks | high |
| 79269 | openSUSE Security Update : openssl (openSUSE-SU-2014:1426-1) (POODLE) | Nessus | SuSE Local Security Checks | low |
| 79060 | RHEL 6 : Storage Server (RHSA-2014:1692) (POODLE) | Nessus | Red Hat Local Security Checks | low |
| 78772 | AIX OpenSSL Advisory : openssl_advisory11.asc (POODLE) | Nessus | AIX Local Security Checks | high |
| 78733 | openSUSE Security Update : openssl (openSUSE-SU-2014:1331-1) (POODLE) | Nessus | SuSE Local Security Checks | low |
| 78584 | stunnel < 5.06 OpenSSL Multiple Vulnerabilities (POODLE) | Nessus | Windows | medium |
| 78554 | OpenSSL 1.0.1 < 1.0.1j Multiple Vulnerabilities (POODLE) | Nessus | Web Servers | medium |
| 78538 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : openssl vulnerabilities (USN-2385-1) | Nessus | Ubuntu Local Security Checks | high |
| 78537 | Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20141016) (POODLE) | Nessus | Scientific Linux Local Security Checks | low |
| 78532 | RHEL 6 / 7 : openssl (RHSA-2014:1652) (POODLE) | Nessus | Red Hat Local Security Checks | low |
| 78529 | Oracle Linux 6 / 7 : openssl (ELSA-2014-1652) (POODLE) | Nessus | Oracle Linux Local Security Checks | low |
| 78520 | Debian DSA-3053-1 : openssl - security update (POODLE) | Nessus | Debian Local Security Checks | low |
| 78516 | CentOS 6 / 7 : openssl (CESA-2014:1652) | Nessus | CentOS Local Security Checks | high |
| 8552 | OpenSSL < 0.9.8zc / < 1.0.0o / < 1.0.1j Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 78495 | FreeBSD : OpenSSL -- multiple vulnerabilities (03175e62-5494-11e4-9cc1-bc5ff4fb5e7b) (POODLE) | Nessus | FreeBSD Local Security Checks | low |
| 78485 | Amazon Linux AMI : openssl (ALAS-2014-427) | Nessus | Amazon Linux Local Security Checks | high |
| 78483 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2014-288-01) (POODLE) | Nessus | Slackware Local Security Checks | low |