Уязвимость CVE-2014-3567: Информация

Описание

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.

Важность: HIGH (7,1)

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

1. Подверженные конфигурации:

   1. Конфигурация 1

      cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

      End including

      0.9.8zb

      ---

      cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*

      ---