Description

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

Remediation

References

CVE-2014-0198

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Request Forgery (2.0.6)

WordPress Plugin Facebook Like Box Cross-Site Request Forgery (2.8.2)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2865)

Joomla! Core 1.5.x Multiple Vulnerabilities (1.5.0 - 1.5.3)

Joomla! Core 3.x.x Multiple Cross-Site Scripting Vulnerabilities (3.0.0 - 3.9.3)

Severity

Medium

Classification

CVE-2014-0198

Tags

Missing Update Known Vulnerabilities