1
PublicDateAtUSN: 2014-08-07
2
Candidate: CVE-2014-3510
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
6
https://www.openssl.org/news/secadv_20140806.txt
7
https://usn.ubuntu.com/usn/usn-2308-1
9
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8
10
before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote
11
DTLS servers to cause a denial of service (NULL pointer dereference and
12
client application crash) via a crafted handshake message in conjunction
13
with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.
18
Discovered-by: Felix Gröbert
22
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=88ae012c8092852f03c50f6461175271104b4c8a (1.0.1)
23
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bff5319d9038765f864ef06e2e3c766f5c01dbd7 (0.9.8)
24
upstream_openssl: released (0.9.8zb,1.0.1i)
25
lucid_openssl: released (0.9.8k-7ubuntu8.20)
26
precise_openssl: released (1.0.1-4ubuntu5.17)
27
precise/esm_openssl: released (1.0.1-4ubuntu5.17)
28
trusty_openssl: released (1.0.1f-1ubuntu2.5)
29
utopic_openssl: released (1.0.1f-1ubuntu7)
30
vivid_openssl: released (1.0.1f-1ubuntu7)
31
vivid/stable-phone-overlay_openssl: released (1.0.1f-1ubuntu7)
32
vivid/ubuntu-core_openssl: released (1.0.1f-1ubuntu7)
33
wily_openssl: released (1.0.1f-1ubuntu7)
34
xenial_openssl: released (1.0.1f-1ubuntu7)
35
yakkety_openssl: released (1.0.1f-1ubuntu7)
36
zesty_openssl: released (1.0.1f-1ubuntu7)
37
artful_openssl: released (1.0.1f-1ubuntu7)
38
bionic_openssl: released (1.0.1f-1ubuntu7)
39
devel_openssl: released (1.0.1f-1ubuntu7)
42
upstream_openssl098: released (0.9.8zb)
44
precise_openssl098: ignored (reached end-of-life)
45
precise/esm_openssl098: DNE (precise was needed)
46
trusty_openssl098: needed
47
utopic_openssl098: ignored (reached end-of-life)
48
vivid_openssl098: ignored (reached end-of-life)
49
vivid/stable-phone-overlay_openssl098: DNE
50
vivid/ubuntu-core_openssl098: DNE
52
xenial_openssl098: DNE
53
yakkety_openssl098: DNE
55
artful_openssl098: DNE
56
bionic_openssl098: DNE