CVE

Id
70194  
CVE No.
CVE-2014-2899  
Status
Candidate  
Description
wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found.  
Phase
Assigned (20140418)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
669011 70194 CVE-2014-2899 MLIST:[oss-security] 20140417 CVE ids for CyaSSL 2.9.4?  View
669012 70194 CVE-2014-2899 URL:http://seclists.org/oss-sec/2014/q2/126  View
669013 70194 CVE-2014-2899 MLIST:[oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?  View
669014 70194 CVE-2014-2899 URL:http://seclists.org/oss-sec/2014/q2/130  View
669015 70194 CVE-2014-2899 CONFIRM:http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html  View
669016 70194 CVE-2014-2899 CONFIRM:http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html  View
669017 70194 CVE-2014-2899 BID:66780  View
669018 70194 CVE-2014-2899 URL:http://www.securityfocus.com/bid/66780  View
669019 70194 CVE-2014-2899 SECUNIA:57743  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
13373 JVNDB-2014-002248 Wireshark の RTP 解析機能の epan/dissectors/packet-rtp.c 内の srtp_add_address 関数におけるサービス運用妨害 (DoS) の脆弱性 Wireshark の RTP 解析機能の epan/dissectors/packet-rtp.c 内の srtp_add_address 関数は、SRTP の通信データを適切に更新しないため、サービス運用妨害 (アプリケーションクラッシュ) 状態にされる脆弱性が存在します。 CVE-2014-2907 70194 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002248.html  View