Description

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

Remediation

References

CVE-2014-0198

Related Vulnerabilities

Squid Other Vulnerability (CVE-2010-0639)

PrestaShop URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-5270)

WordPress Plugin Easy Registration Forms CSV Injection (2.0.6)

Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2006-7196)

PHP Uncontrolled Resource Consumption Vulnerability (CVE-2017-11142)

Severity

Medium

Classification

CVE-2014-0198

Tags

Missing Update Known Vulnerabilities