Description

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

Remediation

References

CVE-2014-0198

Related Vulnerabilities

WordPress Plugin WP-HR Manager:The Human Resources Unspecified Vulnerability (2.9.4)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-6897)

WordPress Plugin SEO Plugin LiveOptim Multiple Vulnerabilities (1.1.8-free)

Grafana Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-28376)

Oracle HTTP Server Improper Access Control Vulnerability (CVE-2026-34291)

Severity

Medium

Classification

CVE-2014-0198

Tags

Missing Update Known Vulnerabilities