NVD
- Id
- 31693
- Name
- CVE-2014-3508
- Description
- The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of "�" characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.
- Reject
- CVSS Version
- 2
- CVSS Score
- 4.3
- Severity
- Medium
- CVSS Base Score
- 4.3
- CVSS Impact Subscore
- 2.9
- CVSS Exploit Subscore
- 8.6
- CVSS Vector
- (AV:N/AC:M/Au:N/C:P/I:N/A:N)
- Pub Date
- 2017-01-19
- Published
- 2014-08-13
- Modified Date
- 2017-01-06
- Seq
- 2014-3508
Related NVD References
| Id | NVD Id | NVD No. | Reference | Actions |
|---|---|---|---|---|
| 166250 | 31693 | CVE-2014-3508 | NetBSD-SA2014-008 | View |
| 166251 | 31693 | CVE-2014-3508 | http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc | View |
| 166252 | 31693 | CVE-2014-3508 | http://linux.oracle.com/errata/ELSA-2014-1052.html | View |
| 166253 | 31693 | CVE-2014-3508 | http://linux.oracle.com/errata/ELSA-2014-1053.html | View |
| 166254 | 31693 | CVE-2014-3508 | FEDORA-2014-9301 | View |
| 166255 | 31693 | CVE-2014-3508 | FEDORA-2014-9308 | View |
| 166256 | 31693 | CVE-2014-3508 | SUSE-SU-2015:0578 | View |
| 166257 | 31693 | CVE-2014-3508 | openSUSE-SU-2016:0640 | View |
| 166258 | 31693 | CVE-2014-3508 | openSUSE-SU-2014:1052 | View |
| 166259 | 31693 | CVE-2014-3508 | HPSBUX03095 | View |
| 166260 | 31693 | CVE-2014-3508 | HPSBGN03099 | View |
| 166261 | 31693 | CVE-2014-3508 | HPSBOV03099 | View |
| 166262 | 31693 | CVE-2014-3508 | SSRT101894 | View |
| 166263 | 31693 | CVE-2014-3508 | HPSBMU03267 | View |
| 166264 | 31693 | CVE-2014-3508 | SSRT101846 | View |
| 166265 | 31693 | CVE-2014-3508 | HPSBMU03304 | View |
| 166266 | 31693 | CVE-2014-3508 | HPSBMU03263 | View |
| 166267 | 31693 | CVE-2014-3508 | HPSBMU03261 | View |
| 166268 | 31693 | CVE-2014-3508 | RHSA-2014:1256 | View |
| 166269 | 31693 | CVE-2014-3508 | RHSA-2014:1297 | View |
| 166270 | 31693 | CVE-2014-3508 | 58962 | View |
| 166271 | 31693 | CVE-2014-3508 | 59700 | View |
| 166272 | 31693 | CVE-2014-3508 | 59710 | View |
| 166273 | 31693 | CVE-2014-3508 | 59743 | View |
| 166274 | 31693 | CVE-2014-3508 | 60022 | View |
| 166275 | 31693 | CVE-2014-3508 | 60221 | View |
| 166276 | 31693 | CVE-2014-3508 | 60410 | View |
| 166277 | 31693 | CVE-2014-3508 | 60493 | View |
| 166278 | 31693 | CVE-2014-3508 | 60684 | View |
| 166279 | 31693 | CVE-2014-3508 | 60778 | View |
| 166280 | 31693 | CVE-2014-3508 | 60803 | View |
| 166281 | 31693 | CVE-2014-3508 | 61017 | View |
| 166282 | 31693 | CVE-2014-3508 | 61100 | View |
| 166283 | 31693 | CVE-2014-3508 | 61171 | View |
| 166284 | 31693 | CVE-2014-3508 | 61184 | View |
| 166285 | 31693 | CVE-2014-3508 | 61214 | View |
| 166286 | 31693 | CVE-2014-3508 | 61250 | View |
| 166287 | 31693 | CVE-2014-3508 | 61392 | View |
| 166288 | 31693 | CVE-2014-3508 | http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html | View |
| 166289 | 31693 | CVE-2014-3508 | http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240 | View |
| 166290 | 31693 | CVE-2014-3508 | http://www-01.ibm.com/support/docview.wss?uid=swg21681752 | View |
| 166291 | 31693 | CVE-2014-3508 | http://www-01.ibm.com/support/docview.wss?uid=swg21682293 | View |
| 166292 | 31693 | CVE-2014-3508 | http://www-01.ibm.com/support/docview.wss?uid=swg21683389 | View |
| 166293 | 31693 | CVE-2014-3508 | http://www-01.ibm.com/support/docview.wss?uid=swg21686997 | View |
| 166294 | 31693 | CVE-2014-3508 | DSA-2998 | View |
| 166295 | 31693 | CVE-2014-3508 | http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm | View |
| 166296 | 31693 | CVE-2014-3508 | MDVSA-2014:158 | View |
| 166297 | 31693 | CVE-2014-3508 | 69075 | View |
| 166298 | 31693 | CVE-2014-3508 | 1030693 | View |
| 166299 | 31693 | CVE-2014-3508 | http://www.tenable.com/security/tns-2014-06 | View |
| 166300 | 31693 | CVE-2014-3508 | openssl-cve20143508-info-disc(95165) | View |
| 166301 | 31693 | CVE-2014-3508 | https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure | View |
| 166302 | 31693 | CVE-2014-3508 | https://bugzilla.redhat.com/show_bug.cgi?id=1127490 | View |
| 166303 | 31693 | CVE-2014-3508 | https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87 | View |
| 166304 | 31693 | CVE-2014-3508 | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 | View |
| 166305 | 31693 | CVE-2014-3508 | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 | View |
| 166306 | 31693 | CVE-2014-3508 | [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released | View |
| 166307 | 31693 | CVE-2014-3508 | FreeBSD-SA-14:18 | View |
| 166308 | 31693 | CVE-2014-3508 | https://www.openssl.org/news/secadv_20140806.txt | View |
Related JVN
| Id | Name | Title | Summary | Cveinfo Name | Cveinfo Id | Nvdinfo Name | Nvdinfo Id | Cvssv2 | Cvssv3 | Jvnurl | Published Date | Last Updated Date | Actions |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 14937 | JVNDB-2014-003812 | OpenSSL の crypto/objects/obj_dat.c 内の OBJ_obj2txt 関数におけるプロセスのスタックメモリから重要な情報を取得される脆弱性 | OpenSSL の crypto/objects/obj_dat.c 内の OBJ_obj2txt 関数は、プリティプリントを使用する場合、"�" 文字の存在を確認しないため、プロセスのスタックメモリから重要な情報を取得される脆弱性が存在します。 | CVE-2014-3508 | 70796 | CVE-2014-3508 | 31693 | 4.3 | http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003812.html | 2014-08-06 | 2015-06-15 | View |
