CVE-2014-3512

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2014-3512
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2014-08-13 23:55:00 UTC
Updated2023-11-07 02:20:00 UTC
DescriptionMultiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Openssl Openssl 1.0.0 All All All
Application Openssl Openssl 1.0.0 beta1 All All
Application Openssl Openssl 1.0.0 beta2 All All
Application Openssl Openssl 1.0.0 beta3 All All
Application Openssl Openssl 1.0.0 beta4 All All
Application Openssl Openssl 1.0.0 beta5 All All
Application Openssl Openssl 1.0.0a All All All
Application Openssl Openssl 1.0.0b All All All
Application Openssl Openssl 1.0.0c All All All
Application Openssl Openssl 1.0.0d All All All
Application Openssl Openssl 1.0.0e All All All
Application Openssl Openssl 1.0.0f All All All
Application Openssl Openssl 1.0.0g All All All
Application Openssl Openssl 1.0.0h All All All
Application Openssl Openssl 1.0.0i All All All
Application Openssl Openssl 1.0.0j All All All
Application Openssl Openssl 1.0.0k All All All
Application Openssl Openssl 1.0.0l All All All
Application Openssl Openssl 1.0.0m All All All
Application Openssl Openssl 1.0.1 All All All
Application Openssl Openssl 1.0.1 beta1 All All
Application Openssl Openssl 1.0.1 beta2 All All
Application Openssl Openssl 1.0.1 beta3 All All
Application Openssl Openssl 1.0.1a All All All
Application Openssl Openssl 1.0.1b All All All
Application Openssl Openssl 1.0.1c All All All
Application Openssl Openssl 1.0.1d All All All
Application Openssl Openssl 1.0.1e All All All
Application Openssl Openssl 1.0.1f All All All
Application Openssl Openssl 1.0.1g All All All
Application Openssl Openssl 1.0.1h All All All
Application Openssl Openssl 1.0.0 All All All
Application Openssl Openssl 1.0.0 beta1 All All
Application Openssl Openssl 1.0.0 beta2 All All
Application Openssl Openssl 1.0.0 beta3 All All
Application Openssl Openssl 1.0.0 beta4 All All
Application Openssl Openssl 1.0.0 beta5 All All
Application Openssl Openssl 1.0.0a All All All
Application Openssl Openssl 1.0.0b All All All
Application Openssl Openssl 1.0.0c All All All
Application Openssl Openssl 1.0.0d All All All
Application Openssl Openssl 1.0.0e All All All
Application Openssl Openssl 1.0.0f All All All
Application Openssl Openssl 1.0.0g All All All
Application Openssl Openssl 1.0.0h All All All
Application Openssl Openssl 1.0.0i All All All
Application Openssl Openssl 1.0.0j All All All
Application Openssl Openssl 1.0.0k All All All
Application Openssl Openssl 1.0.0l All All All
Application Openssl Openssl 1.0.0m All All All
Application Openssl Openssl 1.0.1 All All All
Application Openssl Openssl 1.0.1 beta1 All All
Application Openssl Openssl 1.0.1 beta2 All All
Application Openssl Openssl 1.0.1 beta3 All All
Application Openssl Openssl 1.0.1a All All All
Application Openssl Openssl 1.0.1b All All All
Application Openssl Openssl 1.0.1c All All All
Application Openssl Openssl 1.0.1d All All All
Application Openssl Openssl 1.0.1e All All All
Application Openssl Openssl 1.0.1f All All All
Application Openssl Openssl 1.0.1g All All All
Application Openssl Openssl 1.0.1h All All All

References

ReferenceSourceLinkTags
'[security bulletin] HPSBHF03293 rev.1 - HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and' - MARC HP marc.info
git.openssl.org Git - openssl.git/commit git.openssl.org
support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html CONFIRM support.f5.com
www.openssl.org/news/secadv_20140806.txt CONFIRM www.openssl.org Vendor Advisory
About Secunia Research | Flexera SECUNIA secunia.com
About Secunia Research | Flexera SECUNIA secunia.com
OpenSSL SRP CVE-2014-3512 Remote Denial of Service Vulnerability BID www.securityfocus.com
Security Bulletin: Multiple Vulnerabilities in Current Release of IBM® SDK for Node.js™ CONFIRM www-01.ibm.com
Security Advisory-9 OpenSSL Vulnerabilities on Huawei products - Huawei PSIRT CONFIRM www.huawei.com
Security Advisory SA61184 - IBM SDK for Node.js Multiple Vulnerabilities - Secunia SECUNIA secunia.com
IBM Security Bulletin: - United States CONFIRM www-01.ibm.com
Security Advisory SA61100 - syslog-ng Premium Edition OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory SA60221 - SUSE update for openssl - Secunia SECUNIA secunia.com
[R2] OpenSSL Protocol Downgrade Vulnerability Affects Tenable Products | Tenable Network Security CONFIRM www.tenable.com
OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code - SecurityTracker SECTRACK www.securitytracker.com
Security Advisory SA61171 - F5 LineRate Multiple OpenSSL Vulnerabilities - Secunia SECUNIA secunia.com
NetBSD-SA2014-008 NETBSD ftp.netbsd.org
OpenSSL: Multiple vulnerabilities (GLSA 201412-39) — Gentoo Security GENTOO security.gentoo.org
Security Advisory SA61775 - Huawei Multiple Products Multiple OpenSSL Vulnerabilities - Secunia SECUNIA secunia.com
Debian -- Security Information -- DSA-2998-1 openssl DEBIAN www.debian.org
About Secunia Research | Flexera SECUNIA secunia.com
git.openssl.org Git - openssl.git/commit CONFIRM git.openssl.org
IBM notice: The page you requested cannot be displayed CONFIRM www-01.ibm.com
About Secunia Research | Flexera SECUNIA secunia.com
FreeBSD-SA-14:18 FREEBSD www.freebsd.org
[syslog-ng-announce] syslog-ng Premium Edition 5 LTS (5.0.6a) has been released MLIST lists.balabit.hu
Security Advisory SA61959 - IBM Tivoli Management Framework Multiple Vulnerabilities - Secunia SECUNIA secunia.com
Security Advisory SA60493 - IBM i OpenSSL Multiple Vulnerabilities - Secunia SECUNIA secunia.com
About Secunia Research | Flexera SECUNIA secunia.com
About Secunia Research | Flexera SECUNIA secunia.com
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Composite Application Manager for Transactions (CVE-2014-3508, CVE-2014-5139, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512 - United States CONFIRM www-01.ibm.com
About Secunia Research | Flexera SECUNIA secunia.com
Security Advisory SA60803 - SUSE update for openssl1 - Secunia SECUNIA secunia.com
IBM X-Force Exchange XF exchange.xforce.ibmcloud.com
aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc CONFIRM aix.software.ibm.com
openSUSE-SU-2014:1052-1: moderate: update for openssl SUSE lists.opensuse.org
Security Advisory SA60810 - Tenable SecurityCenter Multiple OpenSSL Vulnerabilities - Secunia SECUNIA secunia.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report