CVE-2014-3470 - The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.

CVE-2014-3470

Summary

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

References

Vulnerable Configurations

cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:-:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:-:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c-1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c-1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g-9:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g-9:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:10.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 16-09-2022 - 19:54)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

redhat via4

advisories

bugzilla

id	1103600
title	CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment openssl is earlier than 0:1.0.1e-16.el6_5.14
oval oval:com.redhat.rhsa:tst:20140625001
comment openssl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929002

AND

comment openssl-devel is earlier than 0:1.0.1e-16.el6_5.14
oval oval:com.redhat.rhsa:tst:20140625003
comment openssl-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929004

AND

comment openssl-perl is earlier than 0:1.0.1e-16.el6_5.14
oval oval:com.redhat.rhsa:tst:20140625005
comment openssl-perl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929008

AND

comment openssl-static is earlier than 0:1.0.1e-16.el6_5.14
oval oval:com.redhat.rhsa:tst:20140625007
comment openssl-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929010

rhsa

id	RHSA-2014:0625
released	2014-06-05
severity	Important
title	RHSA-2014:0625: openssl security update (Important)

bugzilla

id	1103600
title	CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment openssl is earlier than 1:1.0.1e-34.el7_0.3
oval oval:com.redhat.rhsa:tst:20140679001
comment openssl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929002

AND

comment openssl-devel is earlier than 1:1.0.1e-34.el7_0.3
oval oval:com.redhat.rhsa:tst:20140679003
comment openssl-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929004

AND

comment openssl-libs is earlier than 1:1.0.1e-34.el7_0.3
oval oval:com.redhat.rhsa:tst:20140679005
comment openssl-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929006

AND

comment openssl-perl is earlier than 1:1.0.1e-34.el7_0.3
oval oval:com.redhat.rhsa:tst:20140679007
comment openssl-perl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929008

AND

comment openssl-static is earlier than 1:1.0.1e-34.el7_0.3
oval oval:com.redhat.rhsa:tst:20140679009
comment openssl-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20171929010

rhsa

id	RHSA-2014:0679
released	2014-06-10
severity	Important
title	RHSA-2014:0679: openssl security update (Important)

rpms

openssl-0:1.0.1e-16.el6_5.14
openssl-debuginfo-0:1.0.1e-16.el6_5.14
openssl-devel-0:1.0.1e-16.el6_5.14
openssl-perl-0:1.0.1e-16.el6_5.14
openssl-static-0:1.0.1e-16.el6_5.14
openssl-0:1.0.1e-16.el6_5.14
openssl-debuginfo-0:1.0.1e-16.el6_5.14
openssl-devel-0:1.0.1e-16.el6_5.14
openssl-perl-0:1.0.1e-16.el6_5.14
openssl-static-0:1.0.1e-16.el6_5.14
openssl-1:1.0.1e-34.el7_0.3
openssl-debuginfo-1:1.0.1e-34.el7_0.3
openssl-devel-1:1.0.1e-34.el7_0.3
openssl-libs-1:1.0.1e-34.el7_0.3
openssl-perl-1:1.0.1e-34.el7_0.3
openssl-static-1:1.0.1e-34.el7_0.3

refmap via4

bid	67898
bugtraq	20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
cisco	20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
confirm	http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 http://support.apple.com/kb/HT6443 http://support.citrix.com/article/CTX140876 http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15342.html http://www-01.ibm.com/support/docview.wss?uid=isg400001841 http://www-01.ibm.com/support/docview.wss?uid=isg400001843 http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163 http://www-01.ibm.com/support/docview.wss?uid=swg21673137 http://www-01.ibm.com/support/docview.wss?uid=swg21675626 http://www-01.ibm.com/support/docview.wss?uid=swg21675821 http://www-01.ibm.com/support/docview.wss?uid=swg21676035 http://www-01.ibm.com/support/docview.wss?uid=swg21676062 http://www-01.ibm.com/support/docview.wss?uid=swg21676071 http://www-01.ibm.com/support/docview.wss?uid=swg21676419 http://www-01.ibm.com/support/docview.wss?uid=swg21676496 http://www-01.ibm.com/support/docview.wss?uid=swg21676501 http://www-01.ibm.com/support/docview.wss?uid=swg21676529 http://www-01.ibm.com/support/docview.wss?uid=swg21676615 http://www-01.ibm.com/support/docview.wss?uid=swg21676655 http://www-01.ibm.com/support/docview.wss?uid=swg21676879 http://www-01.ibm.com/support/docview.wss?uid=swg21676889 http://www-01.ibm.com/support/docview.wss?uid=swg21677527 http://www-01.ibm.com/support/docview.wss?uid=swg21677695 http://www-01.ibm.com/support/docview.wss?uid=swg21677828 http://www-01.ibm.com/support/docview.wss?uid=swg21677836 http://www-01.ibm.com/support/docview.wss?uid=swg21678167 http://www-01.ibm.com/support/docview.wss?uid=swg21678289 http://www-01.ibm.com/support/docview.wss?uid=swg21683332 http://www-01.ibm.com/support/docview.wss?uid=swg24037761 http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754 http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755 http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756 http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757 http://www.blackberry.com/btsc/KB36051 http://www.f-secure.com/en/web/labs_global/fsc-2014-6 http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm http://www.ibm.com/support/docview.wss?uid=swg21676356 http://www.ibm.com/support/docview.wss?uid=swg21676793 http://www.ibm.com/support/docview.wss?uid=swg24037783 http://www.novell.com/support/kb/doc.php?id=7015264 http://www.novell.com/support/kb/doc.php?id=7015300 http://www.openssl.org/news/secadv_20140605.txt http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.splunk.com/view/SP-CAAAM2D http://www.vmware.com/security/advisories/VMSA-2014-0006.html http://www.vmware.com/security/advisories/VMSA-2014-0012.html http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E https://bugzilla.redhat.com/show_bug.cgi?id=1103600 https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8011cd56e39a433b1837465259a9bd24a38727fb https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 https://kb.bluecoat.com/index?page=content&id=SA80 https://kc.mcafee.com/corporate/index?page=content&id=SB10075 https://www.novell.com/support/kb/doc.php?id=7015271
fedora	FEDORA-2014-9301 FEDORA-2014-9308
fulldisc	20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
gentoo	GLSA-201407-05
hp	HPSBGN03050 HPSBMU03051 HPSBMU03055 HPSBMU03056 HPSBMU03057 HPSBMU03062 HPSBMU03065 HPSBMU03069 HPSBMU03074 HPSBMU03076 HPSBOV03047 HPSBUX03046 SSRT101590
mandriva	MDVSA-2014:105 MDVSA-2014:106 MDVSA-2015:062
secunia	58337 58579 58615 58667 58713 58714 58716 58742 58797 58939 58945 58977 59120 59126 59162 59167 59175 59189 59191 59192 59223 59264 59282 59284 59287 59300 59301 59306 59310 59340 59342 59362 59364 59365 59413 59431 59437 59438 59440 59441 59442 59445 59449 59450 59451 59459 59460 59483 59490 59491 59495 59514 59518 59525 59655 59659 59666 59669 59721 59784 59895 59916 59990 60571 61254
suse	SUSE-SU-2015:0578 SUSE-SU-2015:0743 openSUSE-SU-2016:0640

Last major update

16-09-2022 - 19:54

Published

05-06-2014 - 21:55

Last modified

16-09-2022 - 19:54