CVE-2014-5139

Summary

CVE	CVE-2014-5139
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-08-13 23:55:00 UTC
Updated	2023-11-07 02:20:00 UTC
Description	The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Openssl	Openssl	1.0.1	All	All	All
Application	Openssl	Openssl	1.0.1	beta1	All	All
Application	Openssl	Openssl	1.0.1	beta2	All	All
Application	Openssl	Openssl	1.0.1	beta3	All	All
Application	Openssl	Openssl	1.0.1a	All	All	All
Application	Openssl	Openssl	1.0.1b	All	All	All
Application	Openssl	Openssl	1.0.1c	All	All	All
Application	Openssl	Openssl	1.0.1d	All	All	All
Application	Openssl	Openssl	1.0.1e	All	All	All
Application	Openssl	Openssl	1.0.1f	All	All	All
Application	Openssl	Openssl	1.0.1g	All	All	All
Application	Openssl	Openssl	1.0.1h	All	All	All
Application	Openssl	Openssl	1.0.1	All	All	All
Application	Openssl	Openssl	1.0.1	beta1	All	All
Application	Openssl	Openssl	1.0.1	beta2	All	All
Application	Openssl	Openssl	1.0.1	beta3	All	All
Application	Openssl	Openssl	1.0.1a	All	All	All
Application	Openssl	Openssl	1.0.1b	All	All	All
Application	Openssl	Openssl	1.0.1c	All	All	All
Application	Openssl	Openssl	1.0.1d	All	All	All
Application	Openssl	Openssl	1.0.1e	All	All	All
Application	Openssl	Openssl	1.0.1f	All	All	All
Application	Openssl	Openssl	1.0.1g	All	All	All
Application	Openssl	Openssl	1.0.1h	All	All	All

References

Reference	Source	Link	Tags
'[security bulletin] HPSBHF03293 rev.1 - HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and' - MARC	HP	marc.info
'[security bulletin] HPSBMU03267 rev.1 - HP Matrix Operating Environment and HP CloudSystem Matrix ru' - MARC	HP	marc.info
'[security bulletin] HPSBMU03263 rev.3 - HP Insight Control running OpenSSL, Remote Disclosure of Inf' - MARC	HP	marc.info
Security Advisory SA61392 - F5 LineRate Two OpenSSL Vulnerabilities - Secunia	SECUNIA	secunia.com
www.openssl.org/news/secadv_20140806.txt	CONFIRM	www.openssl.org	Vendor Advisory
About Secunia Research \| Flexera	SECUNIA	secunia.com
About Secunia Research \| Flexera	SECUNIA	secunia.com
'[security bulletin] HPSBMU03216 rev.2 - HP Service Manager running SSLv3, Multiple Remote Vulnerabil' - MARC	HP	marc.info
Security Bulletin: Multiple Vulnerabilities in Current Release of IBM® SDK for Node.js™	CONFIRM	www-01.ibm.com
Security Advisory-9 OpenSSL Vulnerabilities on Huawei products - Huawei PSIRT	CONFIRM	www.huawei.com
Security Advisory SA61184 - IBM SDK for Node.js Multiple Vulnerabilities - Secunia	SECUNIA	secunia.com
'[security bulletin] HPSBMU03283 rev.1 - HP Virtual Connect Enterprise Manager SDK running OpenSSL on' - MARC	HP	marc.info
'[security bulletin] HPSBMU03259 rev.1 - HP Version Control Repository Manager running OpenSSL on Lin' - MARC	HP	marc.info
IBM Security Bulletin: - United States	CONFIRM	www-01.ibm.com
support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html	CONFIRM	support.f5.com
Security Advisory SA61100 - syslog-ng Premium Edition OpenSSL Multiple Vulnerabilities - Secunia	SECUNIA	secunia.com
Security Advisory SA60221 - SUSE update for openssl - Secunia	SECUNIA	secunia.com
[R2] OpenSSL Protocol Downgrade Vulnerability Affects Tenable Products \| Tenable Network Security	CONFIRM	www.tenable.com
OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code - SecurityTracker	SECTRACK	www.securitytracker.com
Security Advisory SA61171 - F5 LineRate Multiple OpenSSL Vulnerabilities - Secunia	SECUNIA	secunia.com
'[security bulletin] HPSBMU03262 rev.1 - HP Version Control Agent running OpenSSL on Linux and Window' - MARC	HP	marc.info
'[security bulletin] HPSBMU03259 rev.1 - HP Version Control Repository Manager running OpenSSL on Lin' - MARC	HP	marc.info
NetBSD-SA2014-008	NETBSD	ftp.netbsd.org
OpenSSL: Multiple vulnerabilities (GLSA 201412-39) — Gentoo Security	GENTOO	security.gentoo.org
Security Advisory SA61775 - Huawei Multiple Products Multiple OpenSSL Vulnerabilities - Secunia	SECUNIA	secunia.com
Debian -- Security Information -- DSA-2998-1 openssl	DEBIAN	www.debian.org
About Secunia Research \| Flexera	SECUNIA	secunia.com
git.openssl.org Git - openssl.git/commit		git.openssl.org
git.openssl.org Git - openssl.git/commit		git.openssl.org
git.openssl.org Git - openssl.git/commit	CONFIRM	git.openssl.org
IBM notice: The page you requested cannot be displayed	CONFIRM	www-01.ibm.com
OpenSSL NULL Pointer Dereference CVE-2014-5139 Local Denial of Service Vulnerability	BID	www.securityfocus.com
About Secunia Research \| Flexera	SECUNIA	secunia.com
FreeBSD-SA-14:18	FREEBSD	www.freebsd.org
[syslog-ng-announce] syslog-ng Premium Edition 5 LTS (5.0.6a) has been released	MLIST	lists.balabit.hu
Security Advisory SA61959 - IBM Tivoli Management Framework Multiple Vulnerabilities - Secunia	SECUNIA	secunia.com
Security Advisory SA60493 - IBM i OpenSSL Multiple Vulnerabilities - Secunia	SECUNIA	secunia.com
About Secunia Research \| Flexera	SECUNIA	secunia.com
git.openssl.org Git - openssl.git/commit	CONFIRM	git.openssl.org
About Secunia Research \| Flexera	SECUNIA	secunia.com
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Composite Application Manager for Transactions (CVE-2014-3508, CVE-2014-5139, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512 - United States	CONFIRM	www-01.ibm.com
About Secunia Research \| Flexera	SECUNIA	secunia.com
'[security bulletin] HPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and Windows, R' - MARC	HP	marc.info
Security Advisory SA60803 - SUSE update for openssl1 - Secunia	SECUNIA	secunia.com
aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc	CONFIRM	aix.software.ibm.com
openSUSE-SU-2014:1052-1: moderate: update for openssl	SUSE	lists.opensuse.org
'[security bulletin] HPSBMU03260 rev.1 - HP System Management Homepage running OpenSSL on Linux and W' - MARC	HP	marc.info
'[security bulletin] HPSBMU03261 rev.2 - HP Systems Insight Manager running OpenSSL on Linux and Wind' - MARC	HP	marc.info
Security Advisory SA60810 - Tenable SecurityCenter Multiple OpenSSL Vulnerabilities - Secunia	SECUNIA	secunia.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)