CVE-2014-8176
Summary
| CVE | CVE-2014-8176 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2015-06-12 19:59:00 UTC |
|---|
| Updated | 2022-12-13 12:15:00 UTC |
|---|
| Description | The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| NetBSD-SA2015-008 |
NETBSD |
ftp.netbsd.org |
|
| OpenSSL Bugs Let Remote Users Deny Service and Potentially Execute Arbitrary Code - SecurityTracker |
SECTRACK |
www.securitytracker.com |
|
| USN-2639-1: OpenSSL vulnerabilities | Ubuntu |
UBUNTU |
www.ubuntu.com |
|
| OpenSSL: Multiple vulnerabilities (GLSA 201506-02) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| #3286: DTLS client crash while clearing (freeing) the dtls1_buffer_record queue (buffered_app_data) |
CONFIRM |
rt.openssl.org |
Exploit |
| openssl.org/news/secadv/20150611.txt |
CONFIRM |
openssl.org |
|
| [security-announce] SUSE-SU-2015:1185-1: important: Security update for |
SUSE |
lists.opensuse.org |
|
| Free up s->d1->buffered_app_data.q properly. · openssl/openssl@470990f · GitHub |
CONFIRM |
github.com |
|
| Broadcom Support Portal |
CONFIRM |
bto.bluecoat.com |
|
| Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products |
CISCO |
tools.cisco.com |
|
| FortiGuard |
CONFIRM |
www.fortiguard.com |
|
| OpenSSL DTLS CVE-2014-8176 Remote Memory Corruption Vulnerability |
BID |
www.securityfocus.com |
|
| www.openssl.org/news/secadv_20150611.txt |
CONFIRM |
www.openssl.org |
Vendor Advisory |
| cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf |
CONFIRM |
cert-portal.siemens.com |
|
| [security-announce] openSUSE-SU-2015:1277-1: important: Security update |
SUSE |
lists.opensuse.org |
|
| FortiGuard |
CONFIRM |
fortiguard.com |
|
| Debian -- Security Information -- DSA-3287-1 openssl |
DEBIAN |
www.debian.org |
|
| Red Hat Customer Portal |
REDHAT |
rhn.redhat.com |
|
| McAfee KnowledgeBase - Intel Security - Security Bulletin: Seven OpenSSL CVEs Announced on June 11, 2015 |
CONFIRM |
kc.mcafee.com |
|
| Document Display | HPE Support Center |
CONFIRM |
h20566.www2.hpe.com |
Third Party Advisory |
| Red Hat Customer Portal |
REDHAT |
rhn.redhat.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 390226 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2021-0011)
- 390284 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)
- 591280 Siemens SCALANCE X-200RNA Switch Devices Denial of Service (DoS) Multiple Vulnerabilities (ICSA-22-349-21, SSA-412672)
- 591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)
- 671073 EulerOS Security Update for Open Secure Sockets Layer098e (OpenSSL098e) (EulerOS-SA-2019-2643)
- 671109 EulerOS Security Update for Open Secure Sockets Layer098e (OpenSSL098e) (EulerOS-SA-2019-2509)
