Vulnerability details: VCID-te3m-wuz7-aaam
Vulnerability ID VCID-te3m-wuz7-aaam
Aliases CVE-2014-3509
VC-OPENSSL-20140806-CVE-2014-3509
Summary A race condition was found in ssl_parse_serverhello_tlsext. If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension, it could write up to 255 bytes to freed memory.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (1)
System Score Found at
generic_textual MODERATE http://marc.info/?l=bugtraq&m=142660345230545&w=2
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3509.html
rhas Moderate https://access.redhat.com/errata/RHSA-2014:1052
rhas Moderate https://access.redhat.com/errata/RHSA-2014:1054
rhas Moderate https://access.redhat.com/errata/RHSA-2015:0197
epss 0.02183 https://api.first.org/data/v1/epss?cve=CVE-2014-3509
epss 0.02401 https://api.first.org/data/v1/epss?cve=CVE-2014-3509
epss 0.07904 https://api.first.org/data/v1/epss?cve=CVE-2014-3509
epss 0.08348 https://api.first.org/data/v1/epss?cve=CVE-2014-3509
epss 0.11013 https://api.first.org/data/v1/epss?cve=CVE-2014-3509
epss 0.1425 https://api.first.org/data/v1/epss?cve=CVE-2014-3509
epss 0.1518 https://api.first.org/data/v1/epss?cve=CVE-2014-3509
epss 0.15685 https://api.first.org/data/v1/epss?cve=CVE-2014-3509
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
generic_textual MODERATE https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2014-3509
generic_textual Medium https://ubuntu.com/security/notices/USN-2308-1
generic_textual Medium https://www.openssl.org/news/secadv_20140806.txt
Reference id Reference type URL
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
http://linux.oracle.com/errata/ELSA-2014-1052.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
http://marc.info/?l=bugtraq&m=142350350616251&w=2
http://marc.info/?l=bugtraq&m=142495837901899&w=2
http://marc.info/?l=bugtraq&m=142624590206005&w=2
http://marc.info/?l=bugtraq&m=142660345230545&w=2
http://marc.info/?l=bugtraq&m=142791032306609&w=2
http://marc.info/?l=bugtraq&m=143290437727362&w=2
http://marc.info/?l=bugtraq&m=143290522027658&w=2
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3509.html
http://rhn.redhat.com/errata/RHSA-2015-0197.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3509.json
https://api.first.org/data/v1/epss?cve=CVE-2014-3509
https://bugzilla.redhat.com/show_bug.cgi?id=1127498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
http://secunia.com/advisories/58962
http://secunia.com/advisories/59700
http://secunia.com/advisories/59710
http://secunia.com/advisories/59756
http://secunia.com/advisories/60022
http://secunia.com/advisories/60221
http://secunia.com/advisories/60493
http://secunia.com/advisories/60684
http://secunia.com/advisories/60803
http://secunia.com/advisories/60917
http://secunia.com/advisories/60921
http://secunia.com/advisories/60938
http://secunia.com/advisories/61017
http://secunia.com/advisories/61100
http://secunia.com/advisories/61139
http://secunia.com/advisories/61184
http://secunia.com/advisories/61775
http://secunia.com/advisories/61959
http://security.gentoo.org/glsa/glsa-201412-39.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/95159
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=fb0bc2b273bcc2d5401dd883fe869af4fc74bb21
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb0bc2b273bcc2d5401dd883fe869af4fc74bb21
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html
https://support.citrix.com/article/CTX216642
https://techzone.ergon.ch/CVE-2014-3511
https://ubuntu.com/security/notices/USN-2308-1
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc
https://www.openssl.org/news/secadv/20140806.txt
https://www.openssl.org/news/secadv_20140806.txt
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
http://www-01.ibm.com/support/docview.wss?uid=swg21682293
http://www-01.ibm.com/support/docview.wss?uid=swg21683389
http://www-01.ibm.com/support/docview.wss?uid=swg21686997
http://www.debian.org/security/2014/dsa-2998
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2014:158
http://www.securityfocus.com/bid/69084
http://www.securitytracker.com/id/1030693
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
CVE-2014-3509 https://nvd.nist.gov/vuln/detail/CVE-2014-3509
GLSA-201412-39 https://security.gentoo.org/glsa/201412-39
RHSA-2014:1052 https://access.redhat.com/errata/RHSA-2014:1052
RHSA-2014:1054 https://access.redhat.com/errata/RHSA-2014:1054
RHSA-2015:0197 https://access.redhat.com/errata/RHSA-2015:0197
USN-2308-1 https://usn.ubuntu.com/2308-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-3509
Exploit Prediction Scoring System (EPSS)
Percentile 0.89039
EPSS Score 0.02183
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.