CVE-2014-3508
13.08.2014, 23:55
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.Enginsight
| Vendor | Product | Version |
|---|---|---|
| openssl | openssl | 0.9.8 |
| openssl | openssl | 0.9.8a:a |
| openssl | openssl | 0.9.8b:b |
| openssl | openssl | 0.9.8c:c |
| openssl | openssl | 0.9.8d:d |
| openssl | openssl | 0.9.8e:e |
| openssl | openssl | 0.9.8f:f |
| openssl | openssl | 0.9.8g:g |
| openssl | openssl | 0.9.8h:h |
| openssl | openssl | 0.9.8i:i |
| openssl | openssl | 0.9.8j:j |
| openssl | openssl | 0.9.8k:k |
| openssl | openssl | 0.9.8l:l |
| openssl | openssl | 0.9.8m:m |
| openssl | openssl | 0.9.8m:m |
| openssl | openssl | 0.9.8n:n |
| openssl | openssl | 0.9.8o:o |
| openssl | openssl | 0.9.8p:p |
| openssl | openssl | 0.9.8q:q |
| openssl | openssl | 0.9.8r:r |
| openssl | openssl | 0.9.8s:s |
| openssl | openssl | 0.9.8t:t |
| openssl | openssl | 0.9.8u:u |
| openssl | openssl | 0.9.8v:v |
| openssl | openssl | 0.9.8w:w |
| openssl | openssl | 0.9.8x:x |
| openssl | openssl | 0.9.8y:y |
| openssl | openssl | 0.9.8za:za |
| openssl | openssl | 1.0.0 |
| openssl | openssl | 1.0.0:beta1 |
| openssl | openssl | 1.0.0:beta2 |
| openssl | openssl | 1.0.0:beta3 |
| openssl | openssl | 1.0.0:beta4 |
| openssl | openssl | 1.0.0:beta5 |
| openssl | openssl | 1.0.0a:a |
| openssl | openssl | 1.0.0b:b |
| openssl | openssl | 1.0.0c:c |
| openssl | openssl | 1.0.0d:d |
| openssl | openssl | 1.0.0e:e |
| openssl | openssl | 1.0.0f:f |
| openssl | openssl | 1.0.0g:g |
| openssl | openssl | 1.0.0h:h |
| openssl | openssl | 1.0.0i:i |
| openssl | openssl | 1.0.0j:j |
| openssl | openssl | 1.0.0k:k |
| openssl | openssl | 1.0.0l:l |
| openssl | openssl | 1.0.0m:m |
| openssl | openssl | 1.0.1 |
| openssl | openssl | 1.0.1:beta1 |
| openssl | openssl | 1.0.1:beta2 |
| openssl | openssl | 1.0.1:beta3 |
| openssl | openssl | 1.0.1a:a |
| openssl | openssl | 1.0.1b:b |
| openssl | openssl | 1.0.1c:c |
| openssl | openssl | 1.0.1d:d |
| openssl | openssl | 1.0.1e:e |
| openssl | openssl | 1.0.1f:f |
| openssl | openssl | 1.0.1g:g |
| openssl | openssl | 1.0.1h:h |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| openssl |
| ||||||||||||||||||||||||||
| openssl098 |
|
Common Weakness Enumeration
References