CVE-2014-3513

Impact:
Important
Public Date:
2014-10-15
IAVA:
2015-B-0012, 2015-B-0013, 2015-B-0014
CWE:
CWE-401
Bugzilla:
1152953: CVE-2014-3513 openssl: SRTP memory leak causes crash when using specially-crafted handshake message
A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server.

Find out more about CVE-2014-3513 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 5, Red Hat JBoss Enterprise Application Platform 5 and 6, and Red Hat Enterprise JBoss Enterprise Web Server 1 and 2.

CVSS v2 metrics

Base Score 5
Base Metrics AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (openssl) RHSA-2014:1652 2014-10-16
Red Hat Enterprise Linux 7 (openssl) RHSA-2014:1652 2014-10-16
Red Hat Storage Server 2.1 (openssl) RHSA-2014:1692 2014-10-22

Affected Packages State

Platform Package State
Red Hat JBoss EWS 2 openssl Not affected
Red Hat JBoss EWS 1 openssl Not affected
Red Hat JBoss EAP 6 openssl Not affected
Red Hat JBoss EAP 5 openssl Not affected
Red Hat Enterprise Linux 5 openssl Not affected
RHEV Manager 3.5 mingw-virt-viewer Affected

External References

Last Modified