CVE-2014-5139

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-5139
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
http://marc.info/?l=bugtraq&m=142350350616251&w=2
http://marc.info/?l=bugtraq&m=142350350616251&w=2
http://marc.info/?l=bugtraq&m=142495837901899&w=2
http://marc.info/?l=bugtraq&m=142495837901899&w=2
http://marc.info/?l=bugtraq&m=142624590206005&w=2
http://marc.info/?l=bugtraq&m=142624619906067
http://marc.info/?l=bugtraq&m=142624619906067&w=2
http://marc.info/?l=bugtraq&m=142624679706236&w=2
http://marc.info/?l=bugtraq&m=142624679706236&w=2
http://marc.info/?l=bugtraq&m=142624719706349&w=2
http://marc.info/?l=bugtraq&m=142624719706349&w=2
http://marc.info/?l=bugtraq&m=142660345230545&w=2
http://marc.info/?l=bugtraq&m=142660345230545&w=2
http://marc.info/?l=bugtraq&m=142791032306609&w=2
http://marc.info/?l=bugtraq&m=143290437727362&w=2
http://marc.info/?l=bugtraq&m=143290522027658&w=2
http://secunia.com/advisories/59700
http://secunia.com/advisories/59710
http://secunia.com/advisories/59756
http://secunia.com/advisories/60022
http://secunia.com/advisories/60221
http://secunia.com/advisories/60493
http://secunia.com/advisories/60803
http://secunia.com/advisories/60810
http://secunia.com/advisories/60917
http://secunia.com/advisories/60921
http://secunia.com/advisories/61017
http://secunia.com/advisories/61100
http://secunia.com/advisories/61171
http://secunia.com/advisories/61184
http://secunia.com/advisories/61392
http://secunia.com/advisories/61775
http://secunia.com/advisories/61959
http://security.gentoo.org/glsa/glsa-201412-39.xml
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
http://www-01.ibm.com/support/docview.wss?uid=swg21682293
http://www-01.ibm.com/support/docview.wss?uid=swg21683389
http://www-01.ibm.com/support/docview.wss?uid=swg21686997
http://www.debian.org/security/2014/dsa-2998
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
http://www.securityfocus.com/bid/69077
http://www.securitytracker.com/id/1030693
http://www.tenable.com/security/tns-2014-06
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=80bd7b41b30af6ee96f519e629463583318de3b0
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=83764a989dcc87fbea337da5f8f86806fe767b7e
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc
https://www.openssl.org/news/secadv_20140806.txt Vendor Advisory
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
http://marc.info/?l=bugtraq&m=142350350616251&w=2
http://marc.info/?l=bugtraq&m=142350350616251&w=2
http://marc.info/?l=bugtraq&m=142495837901899&w=2
http://marc.info/?l=bugtraq&m=142495837901899&w=2
http://marc.info/?l=bugtraq&m=142624590206005&w=2
http://marc.info/?l=bugtraq&m=142624619906067
http://marc.info/?l=bugtraq&m=142624619906067&w=2
http://marc.info/?l=bugtraq&m=142624679706236&w=2
http://marc.info/?l=bugtraq&m=142624679706236&w=2
http://marc.info/?l=bugtraq&m=142624719706349&w=2
http://marc.info/?l=bugtraq&m=142624719706349&w=2
http://marc.info/?l=bugtraq&m=142660345230545&w=2
http://marc.info/?l=bugtraq&m=142660345230545&w=2
http://marc.info/?l=bugtraq&m=142791032306609&w=2
http://marc.info/?l=bugtraq&m=143290437727362&w=2
http://marc.info/?l=bugtraq&m=143290522027658&w=2
http://secunia.com/advisories/59700
http://secunia.com/advisories/59710
http://secunia.com/advisories/59756
http://secunia.com/advisories/60022
http://secunia.com/advisories/60221
http://secunia.com/advisories/60493
http://secunia.com/advisories/60803
http://secunia.com/advisories/60810
http://secunia.com/advisories/60917
http://secunia.com/advisories/60921
http://secunia.com/advisories/61017
http://secunia.com/advisories/61100
http://secunia.com/advisories/61171
http://secunia.com/advisories/61184
http://secunia.com/advisories/61392
http://secunia.com/advisories/61775
http://secunia.com/advisories/61959
http://security.gentoo.org/glsa/glsa-201412-39.xml
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
http://www-01.ibm.com/support/docview.wss?uid=swg21682293
http://www-01.ibm.com/support/docview.wss?uid=swg21683389
http://www-01.ibm.com/support/docview.wss?uid=swg21686997
http://www.debian.org/security/2014/dsa-2998
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
http://www.securityfocus.com/bid/69077
http://www.securitytracker.com/id/1030693
http://www.tenable.com/security/tns-2014-06
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=80bd7b41b30af6ee96f519e629463583318de3b0
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=83764a989dcc87fbea337da5f8f86806fe767b7e
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc
https://www.openssl.org/news/secadv_20140806.txt Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
History

21 Nov 2024, 02:11

Type Values Removed Values Added
References () ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc - () ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc -
References () http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc - () http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc -
References () http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html - () http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html -
References () http://marc.info/?l=bugtraq&m=142350350616251&w=2 - () http://marc.info/?l=bugtraq&m=142350350616251&w=2 -
References () http://marc.info/?l=bugtraq&m=142495837901899&w=2 - () http://marc.info/?l=bugtraq&m=142495837901899&w=2 -
References () http://marc.info/?l=bugtraq&m=142624590206005&w=2 - () http://marc.info/?l=bugtraq&m=142624590206005&w=2 -
References () http://marc.info/?l=bugtraq&m=142624619906067 - () http://marc.info/?l=bugtraq&m=142624619906067 -
References () http://marc.info/?l=bugtraq&m=142624619906067&w=2 - () http://marc.info/?l=bugtraq&m=142624619906067&w=2 -
References () http://marc.info/?l=bugtraq&m=142624679706236&w=2 - () http://marc.info/?l=bugtraq&m=142624679706236&w=2 -
References () http://marc.info/?l=bugtraq&m=142624719706349&w=2 - () http://marc.info/?l=bugtraq&m=142624719706349&w=2 -
References () http://marc.info/?l=bugtraq&m=142660345230545&w=2 - () http://marc.info/?l=bugtraq&m=142660345230545&w=2 -
References () http://marc.info/?l=bugtraq&m=142791032306609&w=2 - () http://marc.info/?l=bugtraq&m=142791032306609&w=2 -
References () http://marc.info/?l=bugtraq&m=143290437727362&w=2 - () http://marc.info/?l=bugtraq&m=143290437727362&w=2 -
References () http://marc.info/?l=bugtraq&m=143290522027658&w=2 - () http://marc.info/?l=bugtraq&m=143290522027658&w=2 -
References () http://secunia.com/advisories/59700 - () http://secunia.com/advisories/59700 -
References () http://secunia.com/advisories/59710 - () http://secunia.com/advisories/59710 -
References () http://secunia.com/advisories/59756 - () http://secunia.com/advisories/59756 -
References () http://secunia.com/advisories/60022 - () http://secunia.com/advisories/60022 -
References () http://secunia.com/advisories/60221 - () http://secunia.com/advisories/60221 -
References () http://secunia.com/advisories/60493 - () http://secunia.com/advisories/60493 -
References () http://secunia.com/advisories/60803 - () http://secunia.com/advisories/60803 -
References () http://secunia.com/advisories/60810 - () http://secunia.com/advisories/60810 -
References () http://secunia.com/advisories/60917 - () http://secunia.com/advisories/60917 -
References () http://secunia.com/advisories/60921 - () http://secunia.com/advisories/60921 -
References () http://secunia.com/advisories/61017 - () http://secunia.com/advisories/61017 -
References () http://secunia.com/advisories/61100 - () http://secunia.com/advisories/61100 -
References () http://secunia.com/advisories/61171 - () http://secunia.com/advisories/61171 -
References () http://secunia.com/advisories/61184 - () http://secunia.com/advisories/61184 -
References () http://secunia.com/advisories/61392 - () http://secunia.com/advisories/61392 -
References () http://secunia.com/advisories/61775 - () http://secunia.com/advisories/61775 -
References () http://secunia.com/advisories/61959 - () http://secunia.com/advisories/61959 -
References () http://security.gentoo.org/glsa/glsa-201412-39.xml - () http://security.gentoo.org/glsa/glsa-201412-39.xml -
References () http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html - () http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html -
References () http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240 - () http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240 -
References () http://www-01.ibm.com/support/docview.wss?uid=swg21682293 - () http://www-01.ibm.com/support/docview.wss?uid=swg21682293 -
References () http://www-01.ibm.com/support/docview.wss?uid=swg21683389 - () http://www-01.ibm.com/support/docview.wss?uid=swg21683389 -
References () http://www-01.ibm.com/support/docview.wss?uid=swg21686997 - () http://www-01.ibm.com/support/docview.wss?uid=swg21686997 -
References () http://www.debian.org/security/2014/dsa-2998 - () http://www.debian.org/security/2014/dsa-2998 -
References () http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm - () http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm -
References () http://www.securityfocus.com/bid/69077 - () http://www.securityfocus.com/bid/69077 -
References () http://www.securitytracker.com/id/1030693 - () http://www.securitytracker.com/id/1030693 -
References () http://www.tenable.com/security/tns-2014-06 - () http://www.tenable.com/security/tns-2014-06 -
References () https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=80bd7b41b30af6ee96f519e629463583318de3b0 - () https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=80bd7b41b30af6ee96f519e629463583318de3b0 -
References () https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=83764a989dcc87fbea337da5f8f86806fe767b7e - () https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=83764a989dcc87fbea337da5f8f86806fe767b7e -
References () https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html - () https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html -
References () https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc - () https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc -
References () https://www.openssl.org/news/secadv_20140806.txt - Vendor Advisory () https://www.openssl.org/news/secadv_20140806.txt - Vendor Advisory

07 Nov 2023, 02:20

Type Values Removed Values Added
References
  • {'url': 'https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0', 'name': 'https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0', 'tags': [], 'refsource': 'CONFIRM'}
  • {'url': 'https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=83764a989dcc87fbea337da5f8f86806fe767b7e', 'name': 'https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=83764a989dcc87fbea337da5f8f86806fe767b7e', 'tags': [], 'refsource': 'CONFIRM'}
  • () https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=83764a989dcc87fbea337da5f8f86806fe767b7e -
  • () https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=80bd7b41b30af6ee96f519e629463583318de3b0 -
Information

Published : 2014-08-13 23:55

Updated : 2024-11-21 02:11

NVD link : CVE-2014-5139

Mitre link : CVE-2014-5139

CVE.ORG link : CVE-2014-5139

JSON object : View

Products Affected

openssl

  • openssl
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024