Vulnerability-Lookup

GHSA-4WJ2-RV2R-WJ7F

Vulnerability from github – Published: 2022-05-17 19:57 – Updated: 2022-05-17 19:57

Details

The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-5139"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-08-13T23:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.",
  "id": "GHSA-4wj2-rv2r-wj7f",
  "modified": "2022-05-17T19:57:43Z",
  "published": "2022-05-17T19:57:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5139"
    },
    {
      "type": "WEB",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0"
    },
    {
      "type": "WEB",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=83764a989dcc87fbea337da5f8f86806fe767b7e"
    },
    {
      "type": "WEB",
      "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
    },
    {
      "type": "WEB",
      "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
    },
    {
      "type": "WEB",
      "url": "https://www.openssl.org/news/secadv_20140806.txt"
    },
    {
      "type": "WEB",
      "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59700"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59710"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59756"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60022"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60221"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60493"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60803"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60810"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60917"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60921"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61017"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61100"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61171"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61184"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61392"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61775"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61959"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
    },
    {
      "type": "WEB",
      "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2014/dsa-2998"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/69077"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030693"
    },
    {
      "type": "WEB",
      "url": "http://www.tenable.com/security/tns-2014-06"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2014-5139 (GCVE-0-2014-5139)

Vulnerability from cvelistv5 – Published: 2014-08-13 23:00 – Updated: 2024-08-06 11:34

Summary

Severity

No CVSS data available.

CWE

Assigner

certcc

References

52 references

URL	Tags
http://lists.opensuse.org/opensuse-updates/2014-0…	vendor-advisoryx_refsource_SUSE
http://support.f5.com/kb/en-us/solutions/public/1…	x_refsource_CONFIRM
http://secunia.com/advisories/60221	third-party-advisoryx_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM
http://secunia.com/advisories/61184	third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142660345230545&w=2	vendor-advisoryx_refsource_HP
http://secunia.com/advisories/60022	third-party-advisoryx_refsource_SECUNIA
https://www.openssl.org/news/secadv_20140806.txt	x_refsource_CONFIRM
http://secunia.com/advisories/61017	third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142350350616251&w=2	vendor-advisoryx_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142791032306609&w=2	vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=142624619906067&w=2	vendor-advisoryx_refsource_HP
http://www.huawei.com/en/security/psirt/security-…	x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201412-39.xml	vendor-advisoryx_refsource_GENTOO
http://marc.info/?l=bugtraq&m=142660345230545&w=2	vendor-advisoryx_refsource_HP
http://www.securityfocus.com/bid/69077	vdb-entryx_refsource_BID
http://marc.info/?l=bugtraq&m=142495837901899&w=2	vendor-advisoryx_refsource_HP
http://secunia.com/advisories/60803	third-party-advisoryx_refsource_SECUNIA
https://git.openssl.org/gitweb/?p=openssl.git%3Ba…	x_refsource_CONFIRM
http://secunia.com/advisories/59700	third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id/1030693	vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/60917	third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142350350616251&w=2	vendor-advisoryx_refsource_HP
http://www.tenable.com/security/tns-2014-06	x_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisori…	vendor-advisoryx_refsource_NETBSD
http://secunia.com/advisories/60493	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/59710	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60921	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60810	third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142624679706236&w=2	vendor-advisoryx_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=nas…	x_refsource_CONFIRM
http://secunia.com/advisories/61100	third-party-advisoryx_refsource_SECUNIA
https://www.freebsd.org/security/advisories/FreeB…	vendor-advisoryx_refsource_FREEBSD
http://secunia.com/advisories/61775	third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142495837901899&w=2	vendor-advisoryx_refsource_HP
http://www.debian.org/security/2014/dsa-2998	vendor-advisoryx_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=143290437727362&w=2	vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=142624719706349&w=2	vendor-advisoryx_refsource_HP
http://secunia.com/advisories/61959	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/59756	third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142624719706349&w=2	vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=142624590206005&w=2	vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=143290522027658&w=2	vendor-advisoryx_refsource_HP
http://aix.software.ibm.com/aix/efixes/security/o…	x_refsource_CONFIRM
http://secunia.com/advisories/61392	third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142624679706236&w=2	vendor-advisoryx_refsource_HP
https://lists.balabit.hu/pipermail/syslog-ng-anno…	mailing-listx_refsource_MLIST
http://secunia.com/advisories/61171	third-party-advisoryx_refsource_SECUNIA
https://git.openssl.org/gitweb/?p=openssl.git%3Ba…	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142624619906067	vendor-advisoryx_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM

Date Public

2014-08-06 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:34:37.376Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:1052",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html"
          },
          {
            "name": "60221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
          },
          {
            "name": "61184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61184"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "60022",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60022"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20140806.txt"
          },
          {
            "name": "61017",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61017"
          },
          {
            "name": "SSRT101818",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
          },
          {
            "name": "HPSBMU03304",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
          },
          {
            "name": "HPSBMU03259",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
          },
          {
            "name": "GLSA-201412-39",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "69077",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69077"
          },
          {
            "name": "HPSBMU03260",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "name": "60803",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60803"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=80bd7b41b30af6ee96f519e629463583318de3b0"
          },
          {
            "name": "59700",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59700"
          },
          {
            "name": "1030693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030693"
          },
          {
            "name": "60917",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60917"
          },
          {
            "name": "HPSBMU03216",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tenable.com/security/tns-2014-06"
          },
          {
            "name": "NetBSD-SA2014-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
          },
          {
            "name": "60493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60493"
          },
          {
            "name": "59710",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59710"
          },
          {
            "name": "60921",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60921"
          },
          {
            "name": "60810",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60810"
          },
          {
            "name": "HPSBMU03283",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
          },
          {
            "name": "61100",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61100"
          },
          {
            "name": "FreeBSD-SA-14:18",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
          },
          {
            "name": "61775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61775"
          },
          {
            "name": "SSRT101894",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
          },
          {
            "name": "DSA-2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2998"
          },
          {
            "name": "HPSBMU03263",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
          },
          {
            "name": "SSRT101921",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
          },
          {
            "name": "61959",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61959"
          },
          {
            "name": "59756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59756"
          },
          {
            "name": "HPSBMU03262",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
          },
          {
            "name": "HPSBMU03267",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
          },
          {
            "name": "HPSBMU03261",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
          },
          {
            "name": "61392",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61392"
          },
          {
            "name": "SSRT101916",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
          },
          {
            "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
          },
          {
            "name": "61171",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61171"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=83764a989dcc87fbea337da5f8f86806fe767b7e"
          },
          {
            "name": "SSRT101922",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-04T20:57:01.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:1052",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html"
        },
        {
          "name": "60221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
        },
        {
          "name": "61184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61184"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "60022",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60022"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20140806.txt"
        },
        {
          "name": "61017",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61017"
        },
        {
          "name": "SSRT101818",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
        },
        {
          "name": "HPSBMU03304",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
        },
        {
          "name": "HPSBMU03259",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
        },
        {
          "name": "GLSA-201412-39",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "69077",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69077"
        },
        {
          "name": "HPSBMU03260",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "name": "60803",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60803"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=80bd7b41b30af6ee96f519e629463583318de3b0"
        },
        {
          "name": "59700",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59700"
        },
        {
          "name": "1030693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030693"
        },
        {
          "name": "60917",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60917"
        },
        {
          "name": "HPSBMU03216",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tenable.com/security/tns-2014-06"
        },
        {
          "name": "NetBSD-SA2014-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
        },
        {
          "name": "60493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60493"
        },
        {
          "name": "59710",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59710"
        },
        {
          "name": "60921",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60921"
        },
        {
          "name": "60810",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60810"
        },
        {
          "name": "HPSBMU03283",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
        },
        {
          "name": "61100",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61100"
        },
        {
          "name": "FreeBSD-SA-14:18",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
        },
        {
          "name": "61775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61775"
        },
        {
          "name": "SSRT101894",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
        },
        {
          "name": "DSA-2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2998"
        },
        {
          "name": "HPSBMU03263",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
        },
        {
          "name": "SSRT101921",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
        },
        {
          "name": "61959",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61959"
        },
        {
          "name": "59756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59756"
        },
        {
          "name": "HPSBMU03262",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
        },
        {
          "name": "HPSBMU03267",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
        },
        {
          "name": "HPSBMU03261",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
        },
        {
          "name": "61392",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61392"
        },
        {
          "name": "SSRT101916",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
        },
        {
          "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
        },
        {
          "name": "61171",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61171"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=83764a989dcc87fbea337da5f8f86806fe767b7e"
        },
        {
          "name": "SSRT101922",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2014-5139",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:1052",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
            },
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html",
              "refsource": "CONFIRM",
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html"
            },
            {
              "name": "60221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60221"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
            },
            {
              "name": "61184",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61184"
            },
            {
              "name": "SSRT101846",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "60022",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60022"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20140806.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20140806.txt"
            },
            {
              "name": "61017",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61017"
            },
            {
              "name": "SSRT101818",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
            },
            {
              "name": "HPSBMU03304",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
            },
            {
              "name": "HPSBMU03259",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
            },
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
            },
            {
              "name": "GLSA-201412-39",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
            },
            {
              "name": "HPSBHF03293",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
            },
            {
              "name": "69077",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69077"
            },
            {
              "name": "HPSBMU03260",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
            },
            {
              "name": "60803",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60803"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0"
            },
            {
              "name": "59700",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59700"
            },
            {
              "name": "1030693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030693"
            },
            {
              "name": "60917",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60917"
            },
            {
              "name": "HPSBMU03216",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
            },
            {
              "name": "http://www.tenable.com/security/tns-2014-06",
              "refsource": "CONFIRM",
              "url": "http://www.tenable.com/security/tns-2014-06"
            },
            {
              "name": "NetBSD-SA2014-008",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
            },
            {
              "name": "60493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60493"
            },
            {
              "name": "59710",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59710"
            },
            {
              "name": "60921",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60921"
            },
            {
              "name": "60810",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60810"
            },
            {
              "name": "HPSBMU03283",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
            },
            {
              "name": "61100",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61100"
            },
            {
              "name": "FreeBSD-SA-14:18",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
            },
            {
              "name": "61775",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61775"
            },
            {
              "name": "SSRT101894",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
            },
            {
              "name": "DSA-2998",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2998"
            },
            {
              "name": "HPSBMU03263",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
            },
            {
              "name": "SSRT101921",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
            },
            {
              "name": "61959",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61959"
            },
            {
              "name": "59756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59756"
            },
            {
              "name": "HPSBMU03262",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
            },
            {
              "name": "HPSBMU03267",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
            },
            {
              "name": "HPSBMU03261",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
            },
            {
              "name": "61392",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61392"
            },
            {
              "name": "SSRT101916",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
            },
            {
              "name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
              "refsource": "MLIST",
              "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
            },
            {
              "name": "61171",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61171"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=83764a989dcc87fbea337da5f8f86806fe767b7e",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=83764a989dcc87fbea337da5f8f86806fe767b7e"
            },
            {
              "name": "SSRT101922",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2014-5139",
    "datePublished": "2014-08-13T23:00:00.000Z",
    "dateReserved": "2014-07-30T00:00:00.000Z",
    "dateUpdated": "2024-08-06T11:34:37.376Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-4WJ2-RV2R-WJ7F

CVE-2014-5139 (GCVE-0-2014-5139)

Tags

Sightings

Nomenclature