Launchpad.net

CVE 2014-3571

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.

Related bugs and status

CVE-2014-3571 (Candidate) is related to these bugs:

Bug #1622500: Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04

		In	Importance	Status
1622500	Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04	openssl (Ubuntu)	Undecided	Invalid
1622500	Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04	openssl (Ubuntu Trusty)	Undecided	Fix Released
1622500	Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04	openssl (Ubuntu Precise)	Undecided	Fix Released

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-3571

Related bugs and status

Related bugs

References