Уязвимость CVE-2014-3509: Информация

Описание

Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.

Важность: MEDIUM (6,8)

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

1. Подверженные конфигурации:

   1. Конфигурация 1

      cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*

      ---