Vulnerability CVE-2014-3513: Information

Description

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.

Severity: HIGH (7.1)

Published: Oct. 19, 2014
Modified: Nov. 7, 2023
Error type identifier: CWE-20

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
openssl10p91.0.1j-alt11.0.2u-alt1.p9.2ALT-PU-2014-2312-1133582Fixed
openssl10c9f21.0.1j-alt11.0.2u-alt1.p9.1ALT-PU-2014-2312-1133582Fixed
openssl10c71.0.1j-alt1.M70C.11.0.1u-alt0.M70C.1ALT-PU-2014-2316-1133754Fixed

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*

      cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*

      cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*

      cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*

      cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*

      cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*

      cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*

      cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*

      cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*

      cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*

      cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*

      cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*

      cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*