The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-06T09:05:39.267Z

Reserved: 2013-12-03T00:00:00

Link: CVE-2014-0198

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2014-05-06T10:44:05.470

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-0198

Red Hat

Severity: Moderate

Public Date: 2014-04-21T00:00:00Z

Links: CVE-2014-0198 - Bugzilla

OpenCVE Enrichment

No data.