PublicDateAtUSN: 2014-08-07
Candidate: CVE-2014-3506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
https://www.openssl.org/news/secadv_20140806.txt
https://usn.ubuntu.com/usn/usn-2308-1
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0
before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a
denial of service (memory consumption) via crafted DTLS handshake messages
that trigger memory allocations corresponding to large length values.
Discovered-by: Adam Langley
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fc7804ec392fcf8051abe6bc9da9108744d2ae35 (1.0.1)
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=338a5e7e5458edf4cf754fd831a451fb4b57d180 (0.9.8)
upstream_openssl: released (0.9.8zb,1.0.1i)
lucid_openssl: released (0.9.8k-7ubuntu8.20)
precise_openssl: released (1.0.1-4ubuntu5.17)
precise/esm_openssl: released (1.0.1-4ubuntu5.17)
trusty_openssl: released (1.0.1f-1ubuntu2.5)
utopic_openssl: released (1.0.1f-1ubuntu7)
vivid_openssl: released (1.0.1f-1ubuntu7)
vivid/stable-phone-overlay_openssl: released (1.0.1f-1ubuntu7)
vivid/ubuntu-core_openssl: released (1.0.1f-1ubuntu7)
wily_openssl: released (1.0.1f-1ubuntu7)
xenial_openssl: released (1.0.1f-1ubuntu7)
yakkety_openssl: released (1.0.1f-1ubuntu7)
zesty_openssl: released (1.0.1f-1ubuntu7)
artful_openssl: released (1.0.1f-1ubuntu7)
bionic_openssl: released (1.0.1f-1ubuntu7)
devel_openssl: released (1.0.1f-1ubuntu7)
upstream_openssl098: released (0.9.8zb)
precise_openssl098: ignored (reached end-of-life)
precise/esm_openssl098: DNE (precise was needed)
trusty_openssl098: needed
utopic_openssl098: ignored (reached end-of-life)
vivid_openssl098: ignored (reached end-of-life)
vivid/stable-phone-overlay_openssl098: DNE
vivid/ubuntu-core_openssl098: DNE
xenial_openssl098: DNE
yakkety_openssl098: DNE
artful_openssl098: DNE
bionic_openssl098: DNE