OpenSSL "do_ssl3_write()" NULL Pointer Dereference Vulnerability
Gravedad: Medio
Identificadores de CVE : CVE-2014-0198
Fecha recomendada: 21 de julio de 2015
Descripción
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1006089
Trend Micro Deep Security DPI Rule Name: 1006089 - OpenSSL "do_ssl3_write()" NULL Pointer Dereference Vulnerability
Software y versión afectados
- openssl openssl 1.0.0
- openssl openssl 1.0.0a
- openssl openssl 1.0.0b
- openssl openssl 1.0.0c
- openssl openssl 1.0.0d
- openssl openssl 1.0.0e
- openssl openssl 1.0.0f
- openssl openssl 1.0.0g
- openssl openssl 1.0.0h
- openssl openssl 1.0.0i
- openssl openssl 1.0.0j
- openssl openssl 1.0.0k
- openssl openssl 1.0.0l
- openssl openssl 1.0.1
- openssl openssl 1.0.1a
- openssl openssl 1.0.1b
- openssl openssl 1.0.1c
- openssl openssl 1.0.1d
- openssl openssl 1.0.1e
- openssl openssl 1.0.1f
- openssl openssl 1.0.1g