« List of all CVEs

CVE-2014-0198

Published: 5/6/2014 Last updated: 8/6/2024 Reserved: 12/3/2013

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (8)

conf-libcurl conf-libssl conf-mariadb conf-mingw-w64-openssl-i686 conf-mingw-w64-openssl-x86_64 conf-mysql conf-openssl conf-srt-openssl

Products affected (1)

Product Vendor Version
n/a n/a n/a

References (224)