CVE-2014-8176

Current Description

The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.

Basic Data

PublishedJune 12, 2015
Last ModifiedJanuary 05, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOpensslOpenssl********0.9.8z
    2.3ApplicationOpensslOpenssl1.0.0*******
    2.3ApplicationOpensslOpenssl1.0.0beta1******
    2.3ApplicationOpensslOpenssl1.0.0beta2******
    2.3ApplicationOpensslOpenssl1.0.0beta3******
    2.3ApplicationOpensslOpenssl1.0.0beta4******
    2.3ApplicationOpensslOpenssl1.0.0beta5******
    2.3ApplicationOpensslOpenssl1.0.0a*******
    2.3ApplicationOpensslOpenssl1.0.0b*******
    2.3ApplicationOpensslOpenssl1.0.0c*******
    2.3ApplicationOpensslOpenssl1.0.0d*******
    2.3ApplicationOpensslOpenssl1.0.0e*******
    2.3ApplicationOpensslOpenssl1.0.0f*******
    2.3ApplicationOpensslOpenssl1.0.0g*******
    2.3ApplicationOpensslOpenssl1.0.0h*******
    2.3ApplicationOpensslOpenssl1.0.0i*******
    2.3ApplicationOpensslOpenssl1.0.0j*******
    2.3ApplicationOpensslOpenssl1.0.0k*******
    2.3ApplicationOpensslOpenssl1.0.0l*******
    2.3ApplicationOpensslOpenssl1.0.1*******
    2.3ApplicationOpensslOpenssl1.0.1beta1******
    2.3ApplicationOpensslOpenssl1.0.1beta2******
    2.3ApplicationOpensslOpenssl1.0.1beta3******
    2.3ApplicationOpensslOpenssl1.0.1a*******
    2.3ApplicationOpensslOpenssl1.0.1b*******
    2.3ApplicationOpensslOpenssl1.0.1c*******
    2.3ApplicationOpensslOpenssl1.0.1d*******
    2.3ApplicationOpensslOpenssl1.0.1e*******
    2.3ApplicationOpensslOpenssl1.0.1f*******
    2.3ApplicationOpensslOpenssl1.0.1g*******

Vulnerable Software List

VendorProductVersions
Openssl Openssl *, 1.0.0, 1.0.0a, 1.0.0b, 1.0.0c, 1.0.0d, 1.0.0e, 1.0.0f, 1.0.0g, 1.0.0h, 1.0.0i, 1.0.0j, 1.0.0k, 1.0.0l, 1.0.1, 1.0.1a, 1.0.1b, 1.0.1c, 1.0.1d, 1.0.1e, 1.0.1f, 1.0.1g

References

NameSourceURLTags
http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015CONFIRM
NetBSD-SA2015-008http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.ascNETBSD
SUSE-SU-2015:1185http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.htmlSUSE
openSUSE-SU-2015:1277http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlSUSE
RHSA-2015:1115http://rhn.redhat.com/errata/RHSA-2015-1115.htmlREDHAT
RHSA-2016:2957http://rhn.redhat.com/errata/RHSA-2016-2957.htmlREDHAT
20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Productshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-opensslCISCO
DSA-3287http://www.debian.org/security/2015/dsa-3287DEBIAN
http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015CONFIRM
75159http://www.securityfocus.com/bid/75159BID
1032564http://www.securitytracker.com/id/1032564SECTRACK
USN-2639-1http://www.ubuntu.com/usn/USN-2639-1UBUNTU
https://bto.bluecoat.com/security-advisory/sa98https://bto.bluecoat.com/security-advisory/sa98CONFIRM
https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351CONFIRMThird Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10122https://kc.mcafee.com/corporate/index?page=content&id=SB10122CONFIRM
https://openssl.org/news/secadv/20150611.txthttps://openssl.org/news/secadv/20150611.txtCONFIRM
https://rt.openssl.org/Ticket/Display.html?id=3286&user=guest&pass=guesthttps://rt.openssl.org/Ticket/Display.html?id=3286&user=guest&pass=guestCONFIRMExploit
GLSA-201506-02https://security.gentoo.org/glsa/201506-02GENTOO
https://www.openssl.org/news/secadv_20150611.txthttps://www.openssl.org/news/secadv_20150611.txtCONFIRMVendor Advisory