CVE-2014-5139 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2014-5139

CVE-2014-5139

August 13, 2014

The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.

Related Resources (49)

http://secunia.com/advisories/61017

https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc

http://secunia.com/advisories/59710

http://secunia.com/advisories/60221

https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html

http://secunia.com/advisories/60921

http://marc.info/?l=bugtraq&m=142495837901899&w=2

http://marc.info/?l=bugtraq&m=142624679706236&w=2

http://marc.info/?l=bugtraq&m=142660345230545&w=2

http://marc.info/?l=bugtraq&m=142624719706349&w=2

http://secunia.com/advisories/61959

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=83764a989dcc87fbea337da5f8f86806fe767b7e

http://marc.info/?l=bugtraq&m=142624619906067&w=2

https://www.openssl.org/news/secadv_20140806.txt

http://www.securitytracker.com/id/1030693

http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html

http://secunia.com/advisories/60810

http://marc.info/?l=bugtraq&m=142624590206005&w=2

http://security.gentoo.org/glsa/glsa-201412-39.xml

http://secunia.com/advisories/59756

http://secunia.com/advisories/61100

http://www.securityfocus.com/bid/69077

http://secunia.com/advisories/61184

https://people.canonical.com/~ubuntu-security/cve/CVE-2014-5139

https://security-tracker.debian.org/tracker/CVE-2014-5139

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc

http://secunia.com/advisories/60493

http://secunia.com/advisories/60022

http://www.tenable.com/security/tns-2014-06

http://marc.info/?l=bugtraq&m=142791032306609&w=2

http://secunia.com/advisories/60917

http://marc.info/?l=bugtraq&m=143290522027658&w=2

http://secunia.com/advisories/61775

http://www-01.ibm.com/support/docview.wss?uid=swg21686997

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm

http://marc.info/?l=bugtraq&m=142350350616251&w=2

http://marc.info/?l=bugtraq&m=143290437727362&w=2

http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html

http://secunia.com/advisories/61171

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240

http://secunia.com/advisories/59700

http://www.debian.org/security/2014/dsa-2998

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=80bd7b41b30af6ee96f519e629463583318de3b0

http://www-01.ibm.com/support/docview.wss?uid=swg21682293

http://secunia.com/advisories/60803

http://secunia.com/advisories/61392

http://marc.info/?l=bugtraq&m=142624619906067

http://www-01.ibm.com/support/docview.wss?uid=swg21683389

Do you need more information?

CVSS v4

Base Score:

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

CVSS v2

Base Score:

4.3

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

EPSS

Base Score:

21.08