NVD

Id
31748  
Name
CVE-2014-3571  
Description
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2015-01-08  
Modified Date
2017-01-02  
Seq
2014-3571  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
167141 31748 CVE-2014-3571 APPLE-SA-2015-04-08-2  View
167142 31748 CVE-2014-3571 FEDORA-2015-0512  View
167143 31748 CVE-2014-3571 FEDORA-2015-0601  View
167144 31748 CVE-2014-3571 openSUSE-SU-2015:0130  View
167145 31748 CVE-2014-3571 SUSE-SU-2015:0946  View
167146 31748 CVE-2014-3571 openSUSE-SU-2016:0640  View
167147 31748 CVE-2014-3571 HPSBUX03162  View
167148 31748 CVE-2014-3571 SSRT101885  View
167149 31748 CVE-2014-3571 HPSBHF03289  View
167150 31748 CVE-2014-3571 HPSBOV03318  View
167151 31748 CVE-2014-3571 HPSBMU03380  View
167152 31748 CVE-2014-3571 HPSBMU03409  View
167153 31748 CVE-2014-3571 HPSBMU03396  View
167154 31748 CVE-2014-3571 HPSBMU03413  View
167155 31748 CVE-2014-3571 HPSBMU03397  View
167156 31748 CVE-2014-3571 RHSA-2015:0066  View
167157 31748 CVE-2014-3571 20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products  View
167158 31748 CVE-2014-3571 DSA-3125  View
167159 31748 CVE-2014-3571 MDVSA-2015:019  View
167160 31748 CVE-2014-3571 MDVSA-2015:062  View
167161 31748 CVE-2014-3571 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html  View
167162 31748 CVE-2014-3571 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html  View
167163 31748 CVE-2014-3571 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html  View
167164 31748 CVE-2014-3571 http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html  View
167165 31748 CVE-2014-3571 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html  View
167166 31748 CVE-2014-3571 http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html  View
167167 31748 CVE-2014-3571 71937  View
167168 31748 CVE-2014-3571 1033378  View
167169 31748 CVE-2014-3571 https://bto.bluecoat.com/security-advisory/sa88  View
167170 31748 CVE-2014-3571 https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b  View
167171 31748 CVE-2014-3571 https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d  View
167172 31748 CVE-2014-3571 https://kc.mcafee.com/corporate/index?page=content&id=SB10102  View
167173 31748 CVE-2014-3571 https://kc.mcafee.com/corporate/index?page=content&id=SB10108  View
167174 31748 CVE-2014-3571 https://support.apple.com/HT204659  View
167175 31748 CVE-2014-3571 https://www.openssl.org/news/secadv_20150108.txt  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
18677 JVNDB-2014-007552 OpenSSL におけるサービス運用妨害 (DoS) の脆弱性 OpenSSL には、d1_pkt.c の dtls1_get_record 関数および s3_pkt.c の ssl3_read_n 関数に関する処理に不備があるため、サービス運用妨害 (NULL ポインタデリファレンスおよびアプリケーションクラッシュ) 状態にされる脆弱性が存在します。 CVE-2014-3571 70859 CVE-2014-3571 31748 5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007552.html 2014-05-14 2016-11-22 View