CVE-2014-0198
openssl - security update
EPSS 33.0%
Description
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
How to fix CVE-2014-0198
To remediate CVE-2014-0198, upgrade the affected package to a fixed version below.
- Debian/openssl—upgrade to 1.0.1g-4 or later
- Debian/openssl—upgrade to 1.0.1e-2+deb7u9 or later
Is CVE-2014-0198 being exploited?
Moderate — EPSS is 33.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.0.1g-4
- from 0, < 1.0.1e-2+deb7u9