Vulnerability Description
Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openssl | Openssl | 1.0.0 |
Related Weaknesses (CWE)
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
- http://marc.info/?l=bugtraq&m=142660345230545&w=2
- http://secunia.com/advisories/59700
- http://secunia.com/advisories/59710
- http://secunia.com/advisories/59756
- http://secunia.com/advisories/60022
- http://secunia.com/advisories/60221
- http://secunia.com/advisories/60493
- http://secunia.com/advisories/60803
- http://secunia.com/advisories/60810
- http://secunia.com/advisories/60917
- http://secunia.com/advisories/60921
- http://secunia.com/advisories/61017
FAQ
What is CVE-2014-3512?
CVE-2014-3512 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unsp...
How severe is CVE-2014-3512?
CVE-2014-3512 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3512?
Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl.