« List of all CVEs

CVE-2014-3470

Published: 6/5/2014 Last updated: 8/6/2024 Reserved: 5/14/2014

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (8)

conf-libcurl conf-libssl conf-mariadb conf-mingw-w64-openssl-i686 conf-mingw-w64-openssl-x86_64 conf-mysql conf-openssl conf-srt-openssl

Products affected (1)

Product Vendor Version
n/a n/a 10 Version 1803 for ARM64-based Systems

References (302)