Launchpad.net

CVE 2014-3505

Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.

Related bugs and status

CVE-2014-3505 (Candidate) is related to these bugs:

Bug #1353760: Fix security issues from OpenSSL 1.0.1i

Summary				In	Importance	Status
	1353760	Fix security issues from OpenSSL 1.0.1i		openssl (Ubuntu)	Undecided	Fix Released

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://git.openssl.or...
CONFIRM: https://www.openssl.or...
CONFIRM: http://linux.oracle.co...
SECUNIA: 59221
SECUNIA: 60687
SECUNIA: 60824
CONFIRM: http://aix.software.ib...
NETBSD: NetBSD-SA2014-008
SECUNIA: 60917
SECUNIA: 60921
SECUNIA: 60938
DEBIAN: DSA-2998
REDHAT: RHSA-2014:1256
REDHAT: RHSA-2014:1297
SUSE: openSUSE-SU-2014:1052
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www.huawei.com/...
SECUNIA: 61775
SECUNIA: 61959
CONFIRM: http://www-01.ibm.com/...
SECUNIA: 59756
GENTOO: GLSA-201412-39
SUSE: openSUSE-SU-2016:0640
MLIST: [syslog-ng-announce] 2...
CONFIRM: http://support.f5.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://linux.oracle.co...
CONFIRM: http://www-01.ibm.com/...
FEDORA: FEDORA-2014-9301
FEDORA: FEDORA-2014-9308
MANDRIVA: MDVSA-2014:158
BID: 69081
SECTRACK: 1030693
SECUNIA: 60803
SECUNIA: 61040
SECUNIA: 61100
SECUNIA: 61250
SECUNIA: 61184
SECUNIA: 59743
SECUNIA: 60778
SECUNIA: 58962
SECUNIA: 59700
SECUNIA: 59710
SECUNIA: 60022
SECUNIA: 60684
SECUNIA: 60221
SECUNIA: 60493
HP: HPSBOV03099
HP: HPSBUX03095
HP: SSRT101674
HP: HPSBHF03293
HP: SSRT101846