Launchpad.net

CVE 2014-3513

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.

Related bugs and status

CVE-2014-3513 (Candidate) is related to these bugs:

Bug #1381790: Upgrade to OpenSSL 1.0.1j to mitigate POODLE and other issues

Summary				In	Importance	Status
	1381790	Upgrade to OpenSSL 1.0.1j to mitigate POODLE and other issues		openssl (Ubuntu)	Undecided	Fix Released

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://git.openssl.or...
CONFIRM: https://www.openssl.or...
DEBIAN: DSA-3053
REDHAT: RHSA-2014:1652
REDHAT: RHSA-2014:1692
SUSE: openSUSE-SU-2014:1331
UBUNTU: USN-2385-1
CONFIRM: https://blogs.oracle.c...
CONFIRM: http://advisories.mage...
CONFIRM: http://aix.software.ib...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: https://support.f5.com...
NETBSD: NetBSD-SA2014-015
SUSE: SUSE-SU-2014:1357
BID: 70584
SECTRACK: 1031052
SECUNIA: 61207
SECUNIA: 59627
SECUNIA: 61058
SECUNIA: 61073
SECUNIA: 61298
SECUNIA: 61439
SECUNIA: 61837
SECUNIA: 61959
SECUNIA: 61990
SECUNIA: 62070
GENTOO: GLSA-201412-39
MANDRIVA: MDVSA-2015:062
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-09-16-2
CONFIRM: https://h20566.www2.hp...
CONFIRM: https://h20566.www2.hp...
CONFIRM: https://kc.mcafee.com/...
HP: HPSBMU03260
HP: SSRT101894
HP: HPSBGN03233
HP: SSRT101739
HP: SSRT101868
HP: HPSBMU03267
HP: HPSBMU03304
HP: HPSBMU03296
HP: HPSBHF03300
HP: HPSBMU03223
HP: HPSBMU03261
HP: HPSBMU03263