CVE-2014-0198

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2014-0198
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2014-05-06 10:44:00 UTC
Updated2022-08-29 20:50:00 UTC
DescriptionThe do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

Risk And Classification

Problem Types: CWE-476

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Debian Debian Linux 6.0 All All All
Operating System Debian Debian Linux 7.0 All All All
Operating System Debian Debian Linux 8.0 All All All
Operating System Fedoraproject Fedora 19 All All All
Operating System Fedoraproject Fedora 20 All All All
Application Mariadb Mariadb All All All All
Application Openssl Openssl 1.0.0 All All All
Application Openssl Openssl 1.0.0 beta1 All All
Application Openssl Openssl 1.0.0 beta2 All All
Application Openssl Openssl 1.0.0 beta3 All All
Application Openssl Openssl 1.0.0 beta4 All All
Application Openssl Openssl 1.0.0 beta5 All All
Application Openssl Openssl 1.0.0a All All All
Application Openssl Openssl 1.0.0b All All All
Application Openssl Openssl 1.0.0c All All All
Application Openssl Openssl 1.0.0d All All All
Application Openssl Openssl 1.0.0e All All All
Application Openssl Openssl 1.0.0f All All All
Application Openssl Openssl 1.0.0g All All All
Application Openssl Openssl 1.0.0h All All All
Application Openssl Openssl 1.0.0i All All All
Application Openssl Openssl 1.0.0j All All All
Application Openssl Openssl 1.0.0k All All All
Application Openssl Openssl 1.0.0l All All All
Application Openssl Openssl 1.0.1 All All All
Application Openssl Openssl 1.0.1 beta1 All All
Application Openssl Openssl 1.0.1 beta2 All All
Application Openssl Openssl 1.0.1 beta3 All All
Application Openssl Openssl 1.0.1a All All All
Application Openssl Openssl 1.0.1b All All All
Application Openssl Openssl 1.0.1c All All All
Application Openssl Openssl 1.0.1d All All All
Application Openssl Openssl 1.0.1e All All All
Application Openssl Openssl 1.0.1f All All All
Application Openssl Openssl 1.0.1g All All All
Application Openssl Openssl 1.0.0 All All All
Application Openssl Openssl 1.0.0 beta1 All All
Application Openssl Openssl 1.0.0 beta2 All All
Application Openssl Openssl 1.0.0 beta3 All All
Application Openssl Openssl 1.0.0 beta4 All All
Application Openssl Openssl 1.0.0 beta5 All All
Application Openssl Openssl 1.0.0a All All All
Application Openssl Openssl 1.0.0b All All All
Application Openssl Openssl 1.0.0c All All All
Application Openssl Openssl 1.0.0d All All All
Application Openssl Openssl 1.0.0e All All All
Application Openssl Openssl 1.0.0f All All All
Application Openssl Openssl 1.0.0g All All All
Application Openssl Openssl 1.0.0h All All All
Application Openssl Openssl 1.0.0i All All All
Application Openssl Openssl 1.0.0j All All All
Application Openssl Openssl 1.0.0k All All All
Application Openssl Openssl 1.0.0l All All All
Application Openssl Openssl 1.0.1 All All All
Application Openssl Openssl 1.0.1 beta1 All All
Application Openssl Openssl 1.0.1 beta2 All All
Application Openssl Openssl 1.0.1 beta3 All All
Application Openssl Openssl 1.0.1a All All All
Application Openssl Openssl 1.0.1b All All All
Application Openssl Openssl 1.0.1c All All All
Application Openssl Openssl 1.0.1d All All All
Application Openssl Openssl 1.0.1e All All All
Application Openssl Openssl 1.0.1f All All All
Application Openssl Openssl 1.0.1g All All All
Application Openssl Openssl All All All All
Operating System Opensuse Opensuse 12.3 All All All
Operating System Opensuse Opensuse 13.1 All All All
Operating System Suse Linux Enterprise Desktop 12 - All All
Operating System Suse Linux Enterprise Server 12 - All All
Operating System Suse Linux Enterprise Software Development Kit 12 - All All
Operating System Suse Linux Enterprise Workstation Extension 12 - All All

References

ReferenceSourceLinkTags
kb.bluecoat.com/index CONFIRM kb.bluecoat.com
About Secunia Research | Flexera SECUNIA secunia.com
CVE-2014-0198 | Puppet Labs CONFIRM puppetlabs.com
Bug 1093837 – CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write() CONFIRM bugzilla.redhat.com
Security Advisory SA59301 - HP Version Control Repository Manager (VCRM) OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory SA58977 - IBM BladeCenter Advanced Management Module Firmware OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory SA59162 - McAfee Multiple Products OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory SA58945 - IBM FastSetup OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
Juniper Networks - Junos Pulse/SA (SSLVPN): Details on fixes for SSL/TLS MITM vulnerability (CVE-2014-0224)/JSA10629 - Knowledge Base CONFIRM kb.juniper.net
Mageia Advisory: MGASA-2014-0204 - Updated openssl packages fix CVE-2014-0198 CONFIRM advisories.mageia.org
Security Advisory SA60049 - HP OneView OpenSSL Two Vulnerabilities - Secunia SECUNIA secunia.com
OpenSSL 'so_ssl3_write()' Function NULL Pointer Dereference Denial of Service Vulnerability BID www.securityfocus.com
aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc CONFIRM aix.software.ibm.com
openSUSE-SU-2014:0635-1: moderate: update for openssl SUSE lists.opensuse.org
Security Advisory SA59342 - HP Smart Update Manager (HP SUM) OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
'[security bulletin] HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote Vulnera' - MARC HP marc.info
Security Advisory SA59202 - Cisco MATE Multiple Products OpenSSL Two Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory SA59514 - HP System Management Homepage OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
FortiGuard.com | Multiple Vulnerabilities in OpenSSL CONFIRM www.fortiguard.com
IBM Security Bulletin: IBM Initiate Master Data Service, IBM InfoSphere Master Data Management are affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and CVE-2014-0076) - United States CONFIRM www-01.ibm.com
Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014) CONFIRM support.citrix.com
Security Advisory SA59655 - IBM SmartCloud Provisioning for IBM Provided Software Virtual Appliance OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
IBM Security Bulletin: IBM Security Access Manager for Mobile and IBM Security Access Manager for Web appliances are affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and possibly CVE-2014-0076 - United States CONFIRM www-01.ibm.com
[SECURITY] Fedora 19 Update: openssl-1.0.1e-39.fc19 FEDORA lists.fedoraproject.org
Security Advisory SA59287 - IBM Proventia Network Enterprise Scanner OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
IBM Security Bulletin: IBM InfoSphere Guardium Database Activity Monitor is affected by CVE-2014-0221, CVE-2014-0224, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 - United States CONFIRM www-01.ibm.com
VMSA-2014-0012 | United States CONFIRM www.vmware.com
Security Advisory SA59437 - IBM Rational Application Developer for WebSphere Software OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM SmartCloud Provisioning. - United States CONFIRM www-01.ibm.com
Security Advisory SA59264 - Cisco WebEx Meetings Server / Unified Communications Manager OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory SA59666 - IBM SDK for Node.js OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory SA58713 - IBM Multiple Products OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
IBM Security Bulletin: IBM Security Proventia Network Enterprise Scanner is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 - United States CONFIRM www-01.ibm.com
Security Advisory SA59450 - IBM API Management OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
IBM notice: The page you requested cannot be displayed CONFIRM www-01.ibm.com
Security Advisory SA59374 - Cisco IOS XE OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
IBM Security Bulletin: IBM i is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198 and CVE-2014-3470 - United States CONFIRM www-01.ibm.com
Security Bulletin: Rational Application Developer is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 CONFIRM www.ibm.com
Security Advisory SA59282 - Cisco Multiple Products OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory SA59449 - IBM Security Network Intrusion Prevention System OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
McAfee KnowledgeBase - McAfee Security Bulletin – Seven OpenSSL vulnerabilities patched in McAfee products CONFIRM kc.mcafee.com
Security Advisory SA59438 - IBM Security Access Manager for Web / Security Access Manager for Mobile Multiple Vulnerabilities - Secunia SECUNIA secunia.com
'[security bulletin] HPSBMU03057 rev.1 - HP Version Control Agent (HP VCA) running OpenSSL on Linux a' - MARC HP marc.info
About Secunia Research | Flexera SECUNIA secunia.com
'[security bulletin] HPSBMU03056 rev.1 - HP Version Control Repository Manager (HP VCRM) running Open' - MARC HP marc.info
'[security bulletin] HPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows ru' - MARC HP marc.info
mandriva.com MANDRIVA www.mandriva.com
Oracle Critical Patch Update - January 2015 CONFIRM www.oracle.com
IBM Security Bulletin: IBM Security Network Intrusion Prevention System is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, and CVE-2014-3470. - United States CONFIRM www-01.ibm.com
Security Advisory SA59163 - Juniper IVE OS OpenSSL Two Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory SA60571 - EMC Documentum Content Server Multiple Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory SA59669 - IBM InfoSphere Guardium OpenSSL Security Issue and Multiple Vulnerabilities - Secunia SECUNIA secunia.com
Full Disclosure: NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities FULLDISC seclists.org
Security Advisory SA59413 - IBM Initiate Master Data Service / IBM InfoSphere Master Data Management OpenSSL Vulnerabilities - Secunia SECUNIA secunia.com
'[security bulletin] HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows run' - MARC HP marc.info
Security Advisory SA59300 - IBM Tivoli Management Framework OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory SA59398 - F5 Access Policy Manager OpenSSL "do_ssl3_write()" NULL Pointer Dereference Vulnerability - Secunia SECUNIA secunia.com
[security-announce] SUSE-SU-2015:0743-1: important: Security update for SUSE lists.opensuse.org
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com
'[security bulletin] HPSBMU03055 rev.1 - HP Smart Update Manager (HP SUM) running OpenSSL, Remote Den' - MARC HP marc.info
IBM Support CONFIRM www-947.ibm.com
Security Advisory SA59990 - Cisco Quantum Policy Suite OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
www.novell.com/support/kb/doc.php CONFIRM www.novell.com
Security Advisory SA59490 - HP Version Control Agent OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory SA58337 - IBM Upward Integration Modules (UIM) OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
IBM Security Bulletin: IBM® SDK for Node.js™ is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 - United States CONFIRM www-01.ibm.com
#3321: NULL pointer dereference with SSL_MODE_RELEASE_BUFFERS flag CONFIRM rt.openssl.org
Support / Security / Advisories / / MDVSA-2015:062 | Mandriva MANDRIVA www.mandriva.com
Security Advisory SA59784 - Novell File Reporter Multiple OpenSSL Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory SA59721 - IBM SmartCloud Provisioning OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory-Multiple OpenSSL vulnerabilities on Huawei products - Huawei PSIRT CONFIRM www.huawei.com
About Secunia Research | Flexera SECUNIA secunia.com
'[security bulletin] HPSBGN03068 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), ' - MARC HP marc.info
IBM Support CONFIRM www-947.ibm.com
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products CISCO tools.cisco.com
Security Advisory SA59525 - IBM Sterling Connect:Express for UNIX OpenSSL Security Issue and Two Vulnerabilities - Secunia SECUNIA secunia.com
IBM notice: The page you requested cannot be displayed CONFIRM www-01.ibm.com
www.openssl.org/news/secadv_20140605.txt CONFIRM www.openssl.org
Gentoo Linux Documentation -- OpenSSL: Multiple vulnerabilities GENTOO security.gentoo.org
Oracle Critical Patch Update - October 2014 CONFIRM www.oracle.com
Oracle Critical Patch Update - July 2014 CONFIRM www.oracle.com
openSUSE-SU-2014:0634-1: moderate: update for openssl SUSE lists.opensuse.org
Juniper Networks - 2014-06 Out of Cycle Security Bulletin: Vulnerabilities in OpenSSL related to ChangeCipherSpec, DTLS, SSL_MODE_RELEASE_BUFFERS and ECDH ciphersuites - Knowledge Base CONFIRM kb.juniper.net
'[security bulletin] HPSBMU03076 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows runnin' - MARC HP marc.info
IBM Security Bulletin: IBM Sterling Connect:Express for UNIX is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 - United States CONFIRM www-01.ibm.com
'[security bulletin] HPSBMU03051 rev.2 - HP System Management Homepage running OpenSSL on Linux and W' - MARC HP marc.info
Security Advisory SA58667 - Cisco Multiple Products OpenSSL SSL/TLS Handshake Security Issue and Two Denial of Service Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory SA59310 - Novell Messenger OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf CONFIRM cert-portal.siemens.com
IBM Security Bulletin: SmartCloud Orchestrator is affected by the following OpenSSL vulnerabilities (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0076) - United States CONFIRM www-01.ibm.com
Security Advisory SA59190 - Blue Coat ProxySG OpenSSL SSL/TLS Handshake Security Issue and Denial of Service Vulnerability - Secunia SECUNIA secunia.com
IBM notice: The page you requested cannot be displayed CONFIRM www-01.ibm.com
IBM SDK for Node.js 1.1.0.4 for use by the Cordova tools CONFIRM www.ibm.com
Security Advisory SA59126 - Huawei Multiple Products Multiple OpenSSL Vulnerabilities - Secunia SECUNIA secunia.com
Debian -- Security Information -- DSA-2931-1 openssl DEBIAN www.debian.org
IBM Security Bulletin: Tivoli Management Framework is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and possibly CVE-2014-0076. - United States CONFIRM www-01.ibm.com
Security Advisory SA59284 - Cisco Prime Network OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
IBM Support CONFIRM www-947.ibm.com
SecurityFocus BUGTRAQ www.securityfocus.com
www.blackberry.com/btsc/KB36051 CONFIRM www.blackberry.com
Security Advisory SA61254 - IBM InfoSphere Guardium Database Activity Monitor Multiple Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory SA59491 - BlackBerry OS OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
IBM Security Bulletin: IBM Security Network Protection is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 - United States CONFIRM www-01.ibm.com
[SECURITY] Fedora 20 Update: openssl-1.0.1e-39.fc20 FEDORA lists.fedoraproject.org
Security Advisory SA58939 - IBM SmartCloud Orchestrator OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
Oracle Critical Patch Update - October 2017 CONFIRM www.oracle.com
IBM Support CONFIRM www-947.ibm.com
support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.html CONFIRM support.f5.com
VMSA-2014-0006.11 | United States CONFIRM www.vmware.com
Security Advisory SA59440 - IBM Security Network Protection Security Issue and Multiple Vulnerabilities - Secunia SECUNIA secunia.com
OpenBSD 5.5 errata OPENBSD www.openbsd.org
Security Advisory SA59306 - IBM i OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 390226 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2021-0011)
  • 390284 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)
  • 590349 Rockwell Automation Stratix 5900 Multiple Vulnerabilities (ICSA-17-094-04)
  • 591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report