CVE-2014-3510
EPSS 14.8%
Description
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.
How to fix CVE-2014-3510
To remediate CVE-2014-3510, upgrade the affected package to a fixed version below.
- Debian/openssl—upgrade to 1.0.1i-1 or later
Is CVE-2014-3510 being exploited?
Moderate — EPSS is 14.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.0.1i-1