Trend Micro Security

OpenSSL "do_ssl3_write()" NULL Pointer Dereference Vulnerability

2015年7月21日
  危険度: :
  CVE識別番号: CVE-2014-0198

  概要

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

  トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

  対応方法

  Trend Micro Deep Security DPI Rule Number: 1006089
  Trend Micro Deep Security DPI Rule Name: 1006089 - OpenSSL "do_ssl3_write()" NULL Pointer Dereference Vulnerability

  影響を受けるソフトウェア

  • openssl openssl 1.0.0
  • openssl openssl 1.0.0a
  • openssl openssl 1.0.0b
  • openssl openssl 1.0.0c
  • openssl openssl 1.0.0d
  • openssl openssl 1.0.0e
  • openssl openssl 1.0.0f
  • openssl openssl 1.0.0g
  • openssl openssl 1.0.0h
  • openssl openssl 1.0.0i
  • openssl openssl 1.0.0j
  • openssl openssl 1.0.0k
  • openssl openssl 1.0.0l
  • openssl openssl 1.0.1
  • openssl openssl 1.0.1a
  • openssl openssl 1.0.1b
  • openssl openssl 1.0.1c
  • openssl openssl 1.0.1d
  • openssl openssl 1.0.1e
  • openssl openssl 1.0.1f
  • openssl openssl 1.0.1g