Search for vulnerabilities
Vulnerability details: VCID-zkqe-jrqc-aaab
Vulnerability ID VCID-zkqe-jrqc-aaab
Aliases CVE-2014-8176
VC-OPENSSL-20150611-CVE-2014-8176
Summary This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014. If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8176.html
rhas Moderate https://access.redhat.com/errata/RHSA-2015:1115
rhas Important https://access.redhat.com/errata/RHSA-2016:2957
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8176.json
epss 0.03238 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.03238 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.03238 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.03238 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.03413 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.03413 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.03413 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.04007 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.04007 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.04007 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.04007 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.04007 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.04007 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.04007 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.05706 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.05706 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.05706 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.05706 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.05706 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.05706 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25356 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.25843 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.26841 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.26841 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
epss 0.38692 https://api.first.org/data/v1/epss?cve=CVE-2014-8176
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1228611
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2014-8176
generic_textual Medium https://ubuntu.com/security/notices/USN-2639-1
generic_textual Moderate https://www.openssl.org/news/secadv/20150611.txt
generic_textual Medium https://www.openssl.org/news/secadv_20150611.txt
Reference id Reference type URL
http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8176.html
http://rhn.redhat.com/errata/RHSA-2015-1115.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8176.json
https://api.first.org/data/v1/epss?cve=CVE-2014-8176
https://bto.bluecoat.com/security-advisory/sa98
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
https://openssl.org/news/secadv/20150611.txt
https://rt.openssl.org/Ticket/Display.html?id=3286&user=guest&pass=guest
https://security.gentoo.org/glsa/201506-02
https://ubuntu.com/security/notices/USN-2639-1
https://www.openssl.org/news/secadv/20150611.txt
https://www.openssl.org/news/secadv_20150611.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
http://www.debian.org/security/2015/dsa-3287
http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
http://www.securityfocus.com/bid/75159
http://www.securitytracker.com/id/1032564
http://www.ubuntu.com/usn/USN-2639-1
1228611 https://bugzilla.redhat.com/show_bug.cgi?id=1228611
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
CVE-2014-8176 https://nvd.nist.gov/vuln/detail/CVE-2014-8176
RHSA-2015:1115 https://access.redhat.com/errata/RHSA-2015:1115
RHSA-2016:2957 https://access.redhat.com/errata/RHSA-2016:2957
USN-2639-1 https://usn.ubuntu.com/2639-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8176.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-8176
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.91035
EPSS Score 0.03238
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.