The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2014-05-06T10:00:00
Updated: 2020-02-10T14:06:35
Reserved: 2013-12-03T00:00:00
Link: CVE-2014-0198
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-05-06T10:44:05.470
Modified: 2022-08-29T20:50:31.340
Link: CVE-2014-0198
JSON object: View
Redhat Information
No data.
CWE